News about Yahoo’s confirmed data breach of a staggering 500 million users’ accounts reminds us that even the most trusted technology providers can be hacked.

Plan for a Breach

According to Mandiant’s 2016 M-Trends report, it takes organizations an average of 146 days to detect or be made aware of a data breach. Most organizations with a well-defined cyber security posture have been or assume they will be compromised at some point.  Breach detection mechanisms are a vital part of the plan.

But is there anything the average person can do to detect intrusions to their online spaces? Actually, yes.

Enable Account Notifications

Anyone can enable notifications within their account settings to be alerted of unusual login attempts or other suspicious activity.

For example, e-mail providers capture access attempts by an unrecognized phone/computer from another location.  They can send you a text or e-mail about this activity.

Banks allow users to turn on notifications for large debits or when the balance falls below a certain amount.  Again, alerts arrive via text message or e-mail.

Users should review account settings once a year to confirm settings and learn about any new fraud protection features.

Pay Attention to the News

Frequent password changes are only enforceable through a workplace technical control. For personal accounts, users should pay attention to the news and take the appropriate steps to update their information when notified of a breach by their provider.  Not every breach will involve stolen account credentials.  However, when they do, the service will ask all users to change their passwords.

As consumers of technology, we cannot control whether our service providers are truly storing our information securely.  However, we can take advantage of features that allow us to monitor our own accounts.