Ransomware attacks on major companies have become a daily occurrence. In just the past few weeks, we’ve seen Garmin, Canon and, most recently, Carnival Cruise Line fall victim. While there are obvious financial losses to the companies at hand, the potential for the greatest loss lies with their customers.
In the Carnival attack, guest and employee data was accessed and stolen by cybercriminals. We know this not because the cruise giant informed its employees and customers, but instead because of a Securities and Exchange Commission filing. In the document, the cruise line notified the SEC and expressed concerns about “unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders or regulatory agencies.”
Let that sink in: Customers weren’t informed first; lawyers and a regulatory body were. This is a common practice today, but it clearly isn’t the right thing to do. Instead, those whose data fell into the wrong hands should be informed immediately. Not only does this level of transparency serve the greater interest of a community that is fighting back against these criminals, but it also affords the victims as much time as possible to take preventive measures to protect themselves.
Every minute that passes when these innocent individuals are not informed is another minute they’re likely to fall victim to a host of risks. These range from identity theft, which has been on the rise since the COVID-19 pandemic began, to phishing attacks. Beyond that, these sorts of attacks can place one’s workplace at risk, too.
Transparency is incredibly important after a ransomware attack. That transparency should first be extended to those affected, in this case, the customers and employees. Next, the complete details of the attack should be investigated. It’s only through that complete transparency and investigation that experts can analyze how to better protect against the next attack.
The responsibility to be transparent lies with the company. But there are a few easy steps customers can take to protect themselves.
First, enroll in identity-theft protection. This sort of protection is essentially insurance against your identity being stolen and provides proactive monitoring of your credit history. Identity-theft protection also provides you with dark web monitoring, which watches an area of the internet where hackers and fraudsters operate anonymously to commit identity theft and other crimes. This sort of service also will pair you with professional identity-theft recovery specialists who will assist you in notifying the proper authorities such as banks and government agencies.
Second, it is imperative that you regularly change all of your passwords. I know it sounds tedious, but it really is very important. Change your password to something you’ve never used before, and make sure it’s a complex password. That means using uppercase and lowercase letters, numbers and special characters. And most importantly, never use the same passwords that you use at home on your business devices.
Third, stay alert. You must be careful on the internet. Regardless of what company your data was stolen from, many of these cybercriminals will now try to impersonate that company in an effort to further victimize you. To stay vigilant, I strongly recommend you always check the “from” email address to make sure it’s a legitimate address. Additionally, be careful when you open attachments. If you have any doubt about something in your email, go to the company’s website and call to verify the information sent to you before opening it.
In our ever-reliant cyber world, cybercrimes are on the rise. Each day, criminals are increasing the frequency and complexity of their attacks. But even with these advancements, these three steps will greatly reduce your risk of becoming a cybercriminal’s next victim.
Rob Cheng is the CEO and founder of PC Matic.