Five Star Logo
As seen in
Houston Five Star award winner
Marketing partner logo

Devising a Data Breach Game Plan

 

As you’ve likely read in the headlines, many companies have been victims of data breaches in recent years. For many of us, this situation can feel overwhelming. If businesses can’t protect themselves from cyberattacks, what chance does the average consumer have?

Time to plan

The bad news is that we likely can’t stop these data breaches from happening. But the good news is that, depending on the breach, it usually takes only a couple of key actions to reduce how you’ll be affected—if at all. The secret lies in pinpointing the specific information that’s at risk. Ask yourself, if attackers were to get ahold of this account, what could they access? From there, you can devise a simple game plan for almost any breach.

Credit and debit cards.

A good place to start is by making safe choices when it comes to using your credit and debit cards. For example, enter payment information online only at HTTPS sites (as opposed to HTTP sites), never store your payment information on sites, and do business only with companies you trust.

Even when you make the right choices, however, your payment information will inevitably get out there. If you do catch wind of any breach of credit or debit card information, it’s best to take the following steps:

  • Review your recent card activity to see if any unauthorized charges have occurred.
  • Report any unauthorized charges to your bank or credit card company.
  • Request a replacement card.

Here, it’s important to keep in mind that not all data breaches are properly disclosed. In fact, many aren’t revealed until months (or even years!) after the compromise took place. Get in the habit of regularly monitoring your financial activity, and report anything suspicious as soon as you can.

Passwords. In the past few years, LinkedIn, Yahoo, and Twitter passwords have been exposed on a mass scale. What steps should you take when something like this happens again? First, change your password. But also ask yourself, Have I used this password or a similar password for other online accounts?

If you use a password in multiple places and just one of those places is breached, someone could access all accounts that use that password. The solution? Break the “password reuse” habit! That way, the next time an incident happens, you would have to change only the password to the site that was breached. To simplify this process, you might also consider adopting a password manager.

Enabling multifactor authentication can also help protect your account with an additional layer of security. For example, you might receive a smartphone or e-mail notification every time you use your password. So, if your password were ever exposed, an attacker would need that other form of authentication to log in—which he or she is unlikely to have.

Social security number. Unlike a password, you can’t simply change a social security number when it has been exposed. What you can do is freeze your credit. As of September 2018, freezes are free, and they’re the most heavy-duty tool at your disposal for protecting your credit. It’s a preventive measure against (1) new lines of credit being opened in your name and (2) hard inquiries.

Some other tools worth looking into for an exposed social security number include:

  • Fraud alerts: These alerts encourage companies to verify with you before opening new line of credit.
  • Credit monitoring: These tools monitor your credit in real time for any changes. They are reactive and not proactive; they alert you after the unauthorized activity happens.
  • Identity theft protection services: For a hands-off approach to identity protection, these products offer tools and resources for one subscription fee.


Are you ready?


Now, let’s apply what we’ve learned so far to a breach that doesn’t fit so neatly into the categories above. In 2018, Facebook discovered a weakness that allowed attackers to take over any account. Attackers could find and reuse anyone’s unique access token, allowing them to authenticate users’ accounts. There was no known evidence of misuse, only the potential for it. Affected accounts were notified by Facebook via e-mail. If you received such a message today, what would you do?

You might start by asking yourself what your Facebook account has access to. With social media specifically, the answer depends on how you use your account.

Does your profile have your real birth date?


What third-party applications do you have connected to your Facebook account?


Do you use Facebook Connect to log in to other online accounts—ones that might store your payment information?

Have you ever messaged a family member your Netflix password, credit card information, or even social security number? 

Once you identify what’s at stake, identify the steps you can take to lock it down. Can you separate those connected apps—or at least change their passwords?

Do you need to limit the type of information you post on Facebook? Can you monitor anything else that may have been exposed, like a credit card number?

Don’t panic, do take action


Every breach is different. As such, there is no list of the “top three ways” to reduce impact across the board. But with a plan in place, there will be no need to panic when news of another breach hits the headlines. There will be the need to take action—and your data breach plan can help get you started. If a breach does affect you personally—to the point where someone is abusing your information and you can’t figure out what to do next—we recommend checking out the helpful resources at IdentityTheft.gov.

This award was issued on 7/1/24 by Five Star Professional (FSP) for the time period 10/10/23 through 4/30/24. Fee paid for use of marketing materials. Self-completed questionnaire was used for rating. This rating is not related to the quality of the investment advice and based solely on the disclosed criteria. 3270 Houston-area wealth managers were considered for the award; 208 (6% of candidates) were named 2024 Five Star Wealth Managers. The following prior year statistics use this format: YEAR: # Considered, # Winners, % of candidates, Issued Date, Research Period. 2023: 3,347, 179, 5.3%, 7/1/23, 10/10/22 - 5/5/23; 2022: 3215, 176, 5%, 7/1/22, 9/20/21 - 4/8/22; 2021: 3133, 173, 6%, 7/1/21, 9/14/20 - 4/30/21; 2020: 3219, 174, 5%, 7/1/20, 9/30/19 - 4/17/20; 2019: 2992, 209, 7%, 7/1/19, 10/15/18 - 4/26/19; 2018: 3114, 218, 7%, 7/1/18, 10/27/17 - 5/21/18; 2017: 2000, 228, 11%, 7/1/17, 10/24/16 - 5/24/17; 2016: 1763, 437, 25%, 6/1/16, 10/16/15 - 5/16/16; 2015: 2289, 408, 18%, 7/1/15, 10/16/14 - 5/16/15; 2014: 3958, 410, 10%, 7/1/14, 10/16/13 - 5/16/14; 2013: 3001, 504, 17%, 8/1/13, 10/16/12 - 5/16/13; 2012: 2105, 425, 20%, 7/1/12, 10/16/11 - 5/16/12.
Click to access BrokerCheck

This communication is strictly intended for individuals residing in the states of AZ, CA, CO, FL, GA, LA, MA, NC, NV, NY, OH, OK, PA, TN, TX, VA. No offers may be made or accepted from any resident outside these states due to various state regulations and registration requirements regarding investment products and services. Investments are not FDIC- or NCUA-insured, are not guaranteed by a bank/financial institution, and are subject to risks, including possible loss of the principal invested. Securities and advisory services offered through Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. Fixed insurance products and services offered through CES Insurance Agency or Merkle Financial Group.

*Winners appearing on this page do not pay a fee to be considered or to win the Five Star Award. Professionals with a digital profile have paid a promotional fee.
Wealth managers do not pay a fee to be considered or placed on the final list of Five Star Wealth Managers. The award is based on 10 objective criteria. Eligibility criteria - required: 1. Credentialed as a registered investment adviser (RIA) or a registered investment adviser representative; 2. Actively licensed as a RIA or as a principal of a registered investment adviser firm for a minimum of 5 years; 3. Favorable regulatory and complaint history review (As defined by FSP, the wealth manager has not; A. Been subject to a regulatory action that resulted in a license being suspended or revoked, or payment of a fine; B. Had more than a total of three settled or pending complaints filed against them and/or a total of five settled, pending, dismissed or denied complaints with any regulatory authority or FSP's consumer complaint process. Unfavorable feedback may have been discovered through a check of complaints registered with a regulatory authority or complaints registered through FSP's consumer complaint process; feedback may not be representative of any one client's experience; C. Individually contributed to a financial settlement of a customer complaint; D. Filed for personal bankruptcy within the past 11 years; E. Been terminated from a financial services firm within the past 11 years; F. Been convicted of a felony); 4. Fulfilled their firm review based on internal standards; 5. Accepting new clients. Evaluation criteria - considered: 6. One-year client retention rate; 7. Five-year client retention rate; 8. Non-institutional discretionary and/or non-discretionary client assets administered; 9. Number of client households served; 10. Education and professional designations. FSP does not evaluate quality of services provided to clients. The award is not indicative of the wealth manager's future performance. Wealth managers may or may not use discretion in their practice and therefore may not manage their clients' assets. The inclusion of a wealth manager on the Five Star Wealth Manager list should not be construed as an endorsement of the wealth manager by FSP or this publication. Working with a Five Star Wealth Manager or any wealth manager is no guarantee as to future investment success, nor is there any guarantee that the selected wealth managers will be awarded this accomplishment by FSP in the future. Visit www.fivestarprofessional.com.