Remember the breach of the U.S. Office of Personnel Management (OPM) in June? At the time of the breach, initial estimations indicated that 4 million current and former federal employees were affected. Those numbers were later adjusted to 21.5 million; and now, experts speculate that upwards of 275 million people were actually affected due to the nature of the information taken.

Hackers targeted SF-86 forms, which are used to obtain security clearances. These 127-page forms reveal information not only about the applicant, but also personally identifying information for around 14 of the applicants’ closest family and friends. This incredible volume of information is a veritable treasure trove that could be used to steal identities and wreak havoc. And we don’t even know who all is affected yet—the federal government is still in the process of notifying all of the victims involved, including 19.7 million contract and government workers dating back to 2000, and 1.8 million non-government workers named in the forms.

So why is this not old news? Last week, The Institute for Critical Infrastructure Technology, issued a report for the victims about how they can move forward. Just because of the sheer scale of the breach, we felt it important to pass along the recommendations. Even if you weren’t a victim of this particular breach, the security measures presented here could go a long way to preventing or mitigating a hack.

Use Phony Data in Security Questions

Many sites utilize security questions to “protect” your data or recover a forgotten password. The problem is that most answers to these security questions are now publicly available online or in social media. Mother’s maiden name? First city you lived in? First elementary school? First job? All answers are easily accessible on a complete social media profile. To scam potential hackers, security experts recommend making up data to use for these questions. Sure, you have to remember a fake data point. But in the long run, isn’t making up a fake birth city far better than a stolen identity?

Use Proper Password Management

Many websites and programs today require you to choose a password with highly unique characters. We get it—all those letters, numbers, dollar signs, symbols, etc. make for a combination of passwords that can be inherently impossible to remember. When you have to give up, it’s far better to press the “I Forgot my Password” button than it is to keep track of this information in a written file or password management software. Also, make sure you regularly cycle your passwords, changing them once every three months or so.

Educate Your Children

Cybersecurity is a team effort. Tell your family how important it is to safeguard their data. Warn them to use caution when they share personal information online. Help them understand the danger of phishing attempts targeted toward children—as unpleasant as it is, these attacks are on the rise because of the promise for long term profitability. View our IT support services for assistance in keeping your data safe.

RESOURCES:

http://fcw.com/articles/2015/08/19/how-opm-fights-back.aspx

http://thehill.com/policy/cybersecurity/247968-opm-hack-notifications-could-take-weeks

http://www.qualitydigest.com/inside/quality-insider-article/082015-reviewing-us-office-personnel-management-data-breach.html#