Was Your Email Account Exposed in a Data Breach?

🔊 Listen to Post

As we all know too well, hacking and data breaches are a daily occurrence these days. It’s important that you don’t let this reality make you lose hope. To protect your privacy and security, you should proactively take measures that will prevent you from becoming a victim of identity theft. In this article I will share some tips that will allow you to monitor your email account to find out if it has been compromised in a data breach and offer some guidelines for protecting your online identity.

Because phishing is responsible for a vast majority of cyberattacks and 76% of the businesses reported being a victim of a phishing attack last year, it’s imperative that you learn to protect your email and follow these simple guidelines to minimize the risk of being a victim.

• Make sure your computer has an anti-malware software installed. Windows 10 already includes Windows Defender, Macs usually don’t have one so you need to install one.
• Do not disable your computer’s firewall. Luckily, Windows 10 and Macs already include a builtin firewall.
• Watch out for suspicious emails, links, and attachments to prevent being a victim of a phishing attack.
• Use a password manager to store your passwords.
• Use multi-factor authentication (MFA) to protect your account whenever possible.
• Don’t store passwords in your web browser, use a password manager instead.
• Backup your data regularly. This will come handy in case of a ransomware attack.

Guidelines for Protecting Your Online Identity

You will find a lot of websites documenting online safety tips. For some basic steps to protect your identity online, check out this PC Magazine article. Here are some additional tips that I recommend. These guidelines are primarily focused on email safety. Following these suggestions will make a huge difference in enhancing your online safety.

1. Use one email (e.g. BillGates@Contoso.com) for government sites (irs.gov, ssa.gov, nih.gov, va.gov, etc.), financial institutions, hospitals, etc. They are unlikely to share your email with third-party vendors because of the regulations they have to follow.
2. Use a different email address (e.g. BillGates1@Contoso.com) for friends and family members because you know they are going to forward it to others in an email blast and there isn’t much you can do about that.
3. Use masked emails as throw away email accounts to sign up for newsletters, online purchases, and especially for social networking sites. These are email aliases that you can create on the fly and you can send and receive messages normally from your email of choice (e.g. BillGates1@Contoso.com), except that the recipient will never know your real email address. If someone spams you, one simple click will permanently block them. One of the most popular tool for masked emails is a web browser extension called BLUR. You can also use disposable emails as I explain in this article, which serves a slightly different purpose. If you use a password manager, you never have to remember these masked emails and can manage them easily in BLUR’s database.
4. Use a password manager and make sure that the same password is not used at a different site, so if your email is compromised in a data breach, the access will be limited to only one site.
5. Let your password manager generate a strong password. For example, if you use Office 365, generate a 100+ character password. I use 256-character passwords for my Office 365 accounts. Gmail also allows 100-character passwords. If you store your password in a password manager, you never have to memorize it so the length of the password won’t have a negative impact.
6. Use multi-factor authentication (MFA) whenever possible. Your password will be the first factor used for authentication. I recommend using Microsoft Authenticator app as a second factor for authentication.
7. If your email account has been compromised in a data breach, change your password immediately.

How Do I Know if My Personal Information Was Compromised?

Wouldn’t it be great if there was a website that would tell you if your private information was exposed in a data breach? Companies like Premera Blue Cross and Equifax, that are known for their cover ups after they were hacked, may not tell you right away if your confidential information is compromised. Luckily, there is a website that is useful in determining whether your email was compromised. It’s called Have I Been Pwned? It was created by Microsoft MVP Troy Hunt. Troy offers this website as a free service that gathers information from data breaches and helps people determine if they’ve been impacted by malicious activity on the Internet. In case you are wondering, the word pwned simply means compromised.

To find out if your personal information was exposed in a data breach, go to Have I Been Pwned? and enter your email. If your account is compromised, it will let you know when and where. You can also click on the Notify me link on the top menu and enter your email. You will be notified if your email account is compromised in a future pwnage. Similarly, you can use domain search and find out if email addresses on a specific domain have been exposed in a domain breach and get notified if they appear in breaches in the future. You can even enter your password to find out if it was exposed in a data breach.

Check out this website and let your family and friends know if they have been pwned.

Additional Reading

Here are some related articles that you may find helpful.

• Selecting a Password Manager
• The Advantages of Using a Password Manager
• Password Recommendations for Microsoft Accounts
• Comparison of Google and Microsoft Authenticator Apps
• Looking for a Free Disposable Email Service? Try 10MinuteMail

Copyright © 2020 SeattlePro Enterprises, LLC. All rights reserved.