Data leaks can be extremely damaging, exposing us to financial fraud and personal and professional embarrassment. But many people are happy to continue using websites and services that have suffered breaches, provided the companies behind them respond to incidents in a timely manner.
That’s one of the findings from a survey carried out by Broadband Genie. We asked 1,500 people about their experiences with the hacks and leaks which have impacted companies such as Adobe, Yahoo! and Dropbox, and found that 85% would still consider using a service or site that had been hacked, depending on how it reacted after the breach was discovered.
All organisations handling confidential data need to think about how they’d respond to a hack or leak, as it could make a huge difference to how many users stick around afterwards.
41% of respondents said that promptly informing users was the most important action to take after a hack or leak is discovered, followed by fixing the cause of the breach.
85% said they should be told within 24 hours of the breach being discovered.
Unfortunately, the reality is that many hacks aren’t revealed until days, months or even years after they occurred. The infamous Ashley Madison breach was discovered by site admins on the 12th of July 2015 but only announced on the 15th - not a huge delay but worrying given the extremely sensitive nature of the leak. More recently, the image sharing site WeHeartIt announced the discovery of a security breach which dated back years. And Yahoo! only revealed at the end of last year that billions of accounts were exposed in 2013.
It’s concerning to see that only a minority of those in our survey had ever checked to see if their personal data was exposed, something which is easy to do using free online tools.
Protecting your personal data
While there isn’t much you can do to prevent a hack occurring in the first place, there are ways to minimise the impact in the event your personal information is compromised.
Use strong, unique passwords
Good password security is essential. Weak passwords can be quickly cracked with modern hardware, so use random phrases of at least 12 characters. And every password should be unique so one cracked or leaked password cannot be used to access other accounts.
Don’t reveal too much
When signing up for a site or service, provide the bare minimum amount of personal information, and only enter genuine details if it’s absolutely necessary.
Have a junk email address
Create an email address to be used when signing up for sites to reduce the amount of spam that ends up in your main inbox. Gmail has a free alias feature that’s especially useful for this purpose.
Check for leaks
Use the Have I been pwned? website to check whether your email addresses and usernames have been included in leaks. Always change the passwords of any compromised accounts.