What to do if your data has been breached

There were forty-four major corporate security data breaches last year, impacting hundreds of millions of Americans and their personal data. Unless you were extraordinarily lucky, the personal data that companies like Equifax and Uber and eBay have stored about you was likely compromised. So what are you supposed to do if your data has been breached? What if the companies you trusted to keep your address, bank information and even your health data safe, are hacked?

Here are the 4 steps you need to take when your information is part of a data breach:

1) Change your password immediately and make it a good one. Start with your account at the breached company. After, move on to other critical accounts (email accounts, banking and financial accounts, etc). If you ever needed a reason not to use the same password for your online accounts, this is it. Customer email addresses are often part of the data that is compromised in a breach. So many accounts depend on your email address, once a hacker has that and the access to your password, they can get pretty far into your life.

Want to know how to make a strong password or check the strength of a password? Click here for more information.

2) Contact the company that was part of the breach and confirm the personal information they have on file. This is to check that it hasn’t been altered. You can also verify what information was involved in the breach so you can take specific steps in the damage control process. Keep an eye on that account to be sure nothing suspicious occurs. Note: do NOT click on links in an email from any company where you have an online account. ALWAYS go directly to their website and DO NOT reply to any company generated emails. These are classic ways that hackers phish for information.

If it’s likely that your Social Security number may have been involved in the data breach, contact the Social Security Administration as soon as possible to decrease the likelihood of identity theft. It is particularly difficult to get a new Social Security number, so be prepared for a gamut of hoops to jump through.

3) Check the trash, spam and sent items in your email to be sure someone hasn’t tried to set up an account with your information. Since the verification for account changes or setting up an online account is sent via email, make sure no one has set up or tried to set up new accounts under your email address.

4) Take a look at the ship-to address on your account on sites like Amazon and other retailers, including prescription medication websites. Make sure the address hasn’t been changed on accounts that would be valuable to bad guys. It’s not likely it would happen right away in a big data breach, so keep an eye on things. Data that is stolen can take months or even years to trickle out from the dark web (the web’s version of the black market).

Be vigilant.

Changing your passwords is the quickest and most effective way to lessen the impact that a corporate data breach might have on you and the information that the company holds about you. Be vigilant about all your online accounts (including social media) to be sure that the activity is yours and yours alone.

As part of your on-going vigilance, make sure your computer is frequently updated, keep your data backed up, and run antivirus software regularly.

Corporate data breaches can make us all feel a bit helpless, but there are steps you can take to decrease the impact such an occurrence has on you, personally. Getting and maintaining good cyber-security habits will go a long way to keep your information more secure. And for details on what you can do to keep from being a personal victim of a cyber-attack, check out this article on cyber-security and how to not get hacked.

Again, be vigilant with your online data, because the stakes are high. Take care of your privacy and do everything you can to protect it with the help of LegacyVault. Try it for free today!


Cyber-security: How to know if you have a computer virus

What is a computer virus? What do they do? How do I know if I have one? And most importantly, how do I prevent getting a computer virus?

How is your computer feeling these days? There are a lot of things going around and it’s important to keep your computer strong and healthy. Every day as we connect more and more, our computer, tablet and cell phone ‘touch’ more things and are increasingly likely to ‘catch’ a cold or flu virus. If infected, it can cripple your work or home life as it wreaks havoc with your data and information.

What is a computer virus? And what does it do?

A computer virus is a chunk of code that is embedded into the regular code of a file (just like human viruses are embedded into the body’s cells). After they are downloaded, they may not act right away and can lay dormant without displaying any symptoms. The virus is activated when you open the program it has embedded itself in.

A virus on your computer might send spam email or messages to all your contacts. When they open it, they get the virus, too. Viruses can steal data and passwords, destroy files or take over your computer, even holding your files hostage for payment.

How do you get a computer virus?

Just like a human virus needs contact with another person to spread, an electronic virus needs to be connected to other technology to spread. Luckily for those viruses, we are all linked together via the Internet, our workplace and home networks. Basically, our devices are sitting ducks. Viruses are sent from one computer to the next by embedding themselves into files, usually as an email or text message attachment. Once the virus is activated, it starts its malicious work on your computer and works to spread anyway it can to the computers and people you are connected to. With access to our social network contacts and email contacts, a computer virus can go pretty far, pretty quickly.

What happens if I get a computer virus?

If your device has been infected with a virus and the virus is activated, you may notice a few of the following symptoms:

1) A change in your computer’s performance. It may seem sluggish and may take forever to do anything on it. This can happen for a number of reasons while the virus takes over the device.

2) You may suddenly have pop-ups for advertising that weren’t there before. They may even pop up if you aren’t using a web browser.

3) Your friends and other people in your contacts list (email, cell phone or social media) report that they are getting weird emails or messages from you.

If you notice these symptoms, you’re actually lucky because not all viruses show such clear symptoms. These symptoms are indicators that you may have a virus on your device. Turn it off and on and then follow these simple steps to check on a computer: First open a web browser and check your internet speed by doing a speed test. It’s good to know what speed you are set up for (and are paying for) to compare with your actual results. Second, pull up your Task Manager (or Activity Monitor for Mac) and see what processes are running on your computer. If you don’t recognize a process, especially one that is using a lot of memory or a high percentage of the CPU, it’s likely that your computer has a virus.

But sometimes you don’t know that your device has been infected, so you don’t know to take action. If you aren’t sure, follow the same steps you would to prevent a virus attack.

What can I do to prevent a computer virus from attacking my computer?

1) Be sure your computer, phone and tablet are updated.

Updates often repair holes in the computer code that easily allow a virus in, so keep on top of all those updates. (You can read more about ways to increase your personal cyber-security here.)

2) Make sure you have a good virus protection program loaded onto your computer.

There are several good ones that even have free versions, so don’t skip this step. If you haven’t downloaded virus protection software because you think you don’t have to worry about it, I bet you’d be surprised to find out that you probably already have a virus on your computer.

3) Keep your devices backed up.

If you don’t have an automatic backup already set up, start. Back up your data early and back it up often. Look for a cloud-based encrypted system that allows you to perform regular backups so you don’t ever have to worry if your documents are destroyed or hijacked in the event of a viral attack.

If you’re lucky, you’ll know if your computer has a virus so you can take action to stop the spread and protect yourself from future attacks. If you don’t know if your computer is infected with a virus (even a dormant one) take the time to run antivirus software and back up your computer.

You never know just how debilitating a (computer) virus can be until it brings your productivity to a painful and screeching halt. Don’t leave yourself vulnerable to a virus. Take a few steps to protect yourself so your computer will continue to work hard for you and not need any unpaid sick days.

Don’t gamble on your digital security, because the stakes are high. Take care of your privacy and do everything you can to protect it with the help of LegacyVault. Try it for free today!


Privacy Laws: Who owns your personal data? Personal Data and Online Security.

Entering into privacy law agreements

Who owns your personal data?

You do, of course. But there may be a lot of people who have access to use your digital content. Even if you’ve never posted a thing on social media like Facebook, Instagram or Twitter. Personal Data and security… let me explain. 

From a copyright perspective, anything you have created is yours. If you have taken a photo or written something (even a Facebook post), you own the copyright to it by default. However, if you ever store it in a cloud-based service or on a website (maybe one you order photos from) you have also given permission to lots and lots (and potentially lots) of people to use it however they want. They don’t infringe on your ownership, because you gave them permission to use it.

How did that happen?

Remember the “Terms of Service” box you had to click when you signed up for your Google, Shutterfly or whatever account? Sometimes you don’t even have to click a box, it will just say, ‘By clicking Sign Up you indicate that you agree to the Terms and Conditions…’. It’s pretty easy to just click and move on.

But if you did happen to scan those multiple pages of terms and conditions, you’d probably see something like this:

You will retain ownership of such User Submitted Materials [here, meaning photos or stuff you have created on their website with your photos], and you grant us and our designees a worldwide, non-exclusive, transferable, royalty-free, perpetual irrevocable right and license, with right of sublicense (through multiple tiers), to use, reproduce, distribute (through multiple tiers), create derivative works of and publicly display such User Submitted Materials…

Source: Shutterfly

Yeah, you can give websites and anyone they designate worldwide irrevocable and perpetual permission to use what you have on their site without really noticing. Whoever they designate includes more companies than you can shake a stick at. They might have a company they use to back up their servers, or write the software for user interface or do their web hosting and on and on and on. It ends up being a lot of people you didn’t realize that have access to your data, but all with your permission.

And this is doesn’t take into account when sites like Apple or Google get hacked and the hackers release photos (or documents) of actresses (or whoever) that they really would have preferred were not viewed by the general public.

Then, there’s the social media part of your data. Again, no company claims ownership of the stuff you post, but they can use it. And they can even sell it to other companies without your knowledge or consent. And no, posting a notice telling Facebook they can’t use your data does not override the consent you gave when you signed up.

Recently, a law firm re-wrote Instagram’s Terms of Use so that teenagers (and the rest of us) could clearly understand what we were agreeing to when we clicked that little box.

Here’s a sample of their pass through the legal-ese:

Officially you own any original pictures and videos you post, but we are allowed to use them, and we can let others use them as well, anywhere around the world. Other people might pay us to use them and we will not pay you for that.

Although you are responsible for the information you put on Instagram, we may keep, use and share your personal information with companies connected with Instagram. This information includes your name, email address, school, where you live, pictures, phone number, your likes and dislikes, where you go, who your friends are, how often you use Instagram, and any other personal information we find such as your birthday or who you are chatting with, including in private messages (DMs).

Source: The Washington Post

You may not realize how many places you have given up the right to be outraged by the use of your personal data. And it increases as our lives move more and more online. So what can we do?

The most critical step is to be aware of what you are giving up regarding your data. Just knowing that those photos or that memo probably aren’t really ‘private’ can help you make better choices about where you upload, back up, or share them. Older adults tend not to know that even their GPS is sending addresses back to the company to be used however the company wants.

Younger adults tend not to care about their data being private, largely because they have lived in a world where it really hasn’t been private for years. But we should all care. It’s unlikely that negotiating a separate contract with Facebook is an option for most of us. However, it’s important not to be so used to this gratuitous exploitation of personal data, that it becomes the accepted status quo.

The danger is in continuing to click those Terms of Service boxes without thinking about what we gave up.

At LegacyVault, your security and privacy are our highest priorities. We have taken extra care to ensure our Terms and Conditions do not follow the bad example of other companies. Sign up for an account and your information will stay yours and ONLY yours.

Cybersecurity 2017: Painful lessons for consumers (and how not to get hacked)

Cybersecurity Image

2017 was a rough year for consumers and cybersecurity.

Cybersecurity for Equifax, Yahoo, Uber, even school districts were tested, and beaten this year. It started to feel like everything online was unsafe. Well, the bad news is that you are probably even less secure than you thought, but hang in there—we have some things you can do to make some of your data a bit safer. First, here are the hard lessons we learned from the recent onslaught of hacks.

You have every right to be paranoid.

This is a harsh reality of an online, hyper connected world. All the data you have ever put online (including cloud-based storage) is subject to a level of cybersecurity, and that security can be tested by a hacker. The NSA accidentally released the tools their own hackers use to fight threats. Wouldn’t you know those tools were gobbled up pretty quickly by bad guys and used against government systems and corporations.

A corporate cyberattack that exposes your personal data can leave you feeling angry, vulnerable and helpless. How can this happen? Aren’t companies doing what they can to protect the information you trustingly give them? Certainly most companies try to be careful with customer data. But fixing the problems that create vulnerabilities take time and money. Sometimes a computer security problem becomes known and a company doesn’t take immediate action to fix it. Maybe they don’t want to lose money to take their network offline to fix it or they just kind of hope it won’t be a big deal. Clearly, that isn’t a winning strategy anymore.

It’s only going to get worse.

If you thought 2017 was a bad year for cybersecurity attacks, brace yourself. Not only are hacking tools available for cheap, but personal hacking is getting more lucrative. We’re talking about ransomware—a kind of malware that you accidentally download onto your own computer, usually via an email attachment. While big corporate data hacks provide a slew of personal data (that is later used for identity theft) ransomware hackers focus on small businesses and individuals.

How much is it worth to you to be able to have access to your client files, or all the photos and documents on your home computer? Turns out, the average hacker makes about $1000 for the upwards of 64% of individuals who pay to have their data released, and businesses admit to paying $40,000 and more. (The exact figures are a bit hard to pin down—I mean, who wants to admit they’ve been hacked or paid a ransom?)

There isn’t much you can do about corporate data hacks (until the FCC makes it painful enough for companies to be more diligent about security), but there are some steps you can take right now to decrease your likelihood of being held hostage by a ransomware hacker:

Cybersecurity Steps:

1) Hackers look for the easy entry—they aren’t going to spend time trying to break through a firewall on a server. So, make sure your home router has a firewall and that your business servers have firewalls. This step alone will make you just that much less appealing to a hacker.

2) Be sure you back up your computers regularly. It’s easy to say ‘no’ to a hacker’s ransom request if you have copies of your files somewhere else.

3) Keep all your computers, tablets, phones, et cetera updated. Companies often include security patches to software in updates as they become aware of problems.

4) DO NOT OPEN SUSPICIOUS EMAIL ATTACHMENTS, even from people you know if you aren’t expecting it. If you’re not sure, send them a quick message to see if it’s legit. THIS IS THE SINGLE MOST COMMON WAY RANSOMWARE GETS ON YOUR COMPUTER. For reals–CHECK.

5) Hackers often gain access to information on an account that exists on a low-security server (maybe a wine blog you frequent). Once they have your email and the password (that you probably use lots of places), it becomes very easy to run a program that gains access to higher security accounts. Like online bank accounts. To avert this, make sure you have a strong password (you can securely check your password strength here PASSWORD CHECKER) and a unique password for each site. So, if one gets hacked, you don’t leave all your online accounts vulnerable.

6) Just like hackers can get into low level internet accounts to access higher security ones, you may have vulnerabilities in your own home that would allow a hacker access to the WiFi in your home and all the devices attached to it. Any device that uses WiFi or Bluetooth, like a ‘smart’ lighting system, security camera or baby monitor might be hackable. Be sure to change the default password and keep the software updated. These interconnected devices, part of the Internet of Things, are growing in huge numbers in our homes and hackers have taken them over recently in various tests of security.

Hacks are going to get worse before they get better, unfortunately. But there are things you can do to be less appealing to hackers like making sure where you store your data has a high level of encryption. Be mindful of what you have online and the devices you have connected to the internet. And for the love, DON’T OPEN THOSE EMAIL ATTACHMENTS.

How to build a strong password in 4 easy steps

Make Your Password Stronger

How do you know if you have a good, strong, and secure password? If coming up with one password doesn’t produce enough anxiety, then on top of it you add that it has to be strong, unique, and memorable! Almost every website seems to require one these days (So now make 100 different passwords!). It’s a lot to keep track of and you might be a teeny bit tempted to tap out and just use something easy like the word ‘password’ (which is shockingly common, and one of the first things a hacker tries) or simply use the same password everywhere. DON’T.

If someone (not you, of course) uses the same password to log in to that fun blog about landscaping ideas as the one they use to log into their bank, they put themselves at a huge risk of being hacked. They should know it takes the average, run-of-the-mill hacker a matter of minutes to break into a lower security account (like the landscape blog) and get password information. If a hacker has that password, how far could they go in your digital world?

But you can make it harder for hackers to figure out your password on any account and create unique passwords for every account that are secure and easy for you to remember.

Here are 4 easy steps to creating a better password right now:

1)  Create a password that is at least 8 characters long

It should be a mix of uppercase and lowercase letters, and has a special character like: ! @ # $ ^ * or %, in the middle. Pretty much any character you might find on the top of any keyboard.

Just adding an uppercase letter to a password can change how long it takes a hacker to figure out a 6-character password from five minutes to eight days. Most hackers are looking for the easy, low-hanging fruit. So, don’t be that fruit.

2)  Make the password unique

Be sure you don’t use words that are easily found when they are run through a dictionary. Don’t use names. Nope, not even your dog’s name. Don’t use common Bible verses (John316) or a famous line from a poem (Tobeornottobe). Hackers try these phrases all the time. They aren’t unique enough to be safe.

3)  Use a string of letters and characters that are easy for you to recall, but nonsense to a hacker

The longer the better. If we take the example phrase, ‘Tobeornottobe’ (which is nice and long, but contains real words) and transform it with some uppercase letters and numbers to: t0b3orNot2bE, it goes from being cracked in 8 years to 10,000 years. Throw in a special character like ‘!’ on the end and it would take a hacker 11 million years to crack it.

Hopefully you know you shouldn’t use it now because we just published it on the web, but we have faith you will think of a good, personal phrase to use. Try the first letter of each word in a line from your favorite poem, verse, book, song or movie.

4)  Modify and repeat

Once you have a solid password (see the link below to check your password’s strength), use it as the root to create unique passwords for each and every website login you have. I know it sounds overwhelming, but let me show you a little trick: make one pattern and stick with it for every website. For example, use the website address name as the unique element you add to your base password in the same way on every site.

First, take your base password (I’ll call it ‘base’, though you know it would be a terrible password). Next, find the first 3 letters of the website name. For your Google account, you would have the base password you use everywhere + goo, to be ‘basegoo’. For Facebook, you would have, ‘basefac’. This will create a unique, hard to crack password for every account you have AND one that you can remember!

Think you have a strong password? Give it a try on our completely safe password checker. Try combinations until you find one you can remember and a hacker won’t likely bother with.


Don’t be the low-hanging fruit.