Expert tips: What to do in the event of a data breach

If you suspect that your information may have fallen into the wrong hands in the city’s data breach, the most important thing to do is to stay vigilant and remain calm, says Matias Mesiä, a data security expert at Finland’s National Cyber Security Centre in Traficom.
Matias Mesiä työskentelee tietoturva-asiantuntijana Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksessa.
Matias Mesiä works as a data security expert at Finland’s National Cyber Security Centre Photo: Traficom

National Cyber Security Centre Data Security Expert Matias Mesiä advises people who suspect their data is at risk to keep their eyes and ears open, but to try to stay cool. He also encourages them to regularly monitor the city’s and relevant authorities’ official information channels and familiarise themselves with the information and instructions that have already been published there. Even so, he says he fully understands that the city's data breach can stir up a range of emotions and prompt many questions.  

Despite the city’s data breach affecting a large number of users, Mesiä does not find the case in any way surprising. Devices and services in a network can lead to a data breach for any number of reasons, in any organisation.

“We field notifications about all sorts of data breaches almost every day, with ten to twenty of these kinds of more serious cases a year. Data breaches are part of everyday cyberlife, and there’s nothing that can be done about it. But of course, it is really important to learn carefully from each case that comes along, so that we can avoid a repeat of the situation,” he says.

Take notice of anything out of the ordinary  

Mesiä’s most important tip is to take the time to pay attention to anything that seems abnormal.

“It’s a good idea to stop once in a while during your day-to-day life – even when things get hectic – to examine what your average day looks like on a weekly or monthly basis. Once you’ve done this,  it is much easier to detect any deviations: things that differ from norm in some way. Have I received an unusual phone call, message or letter? Is there unusual activity in my bank account? It is a skill that can only be learned by carrying it out,” Mesiä says.

He advises people to be vigilant against possible phishing attempts and other scams. Do not click open any suspicious links or files. Never give out personal information such as your bank information or passwords in an email or on the phone.

”Offers that sound too good should always ring bells. Unexpected contacts from a work colleague or acquaintance should also be met with an appropriate level of hesitance – especially if the contact is pressuring you to act quickly regarding something. Never accept an offer in haste; no one should be in such a hurry to become a millionaire,” Mesiä says.

Should I contact the police or carry out some other measures?

The City of Helsinki is already providing all of the information necessary for the investigation to the Helsinki Police Department. At this stage, there is no need for city residents or city employees to contact the police, even if you suspect that you have been the target of a data leak.  

Data security expert Mesiä also recommends exercising restraint before taking other concrete measures such as enforcing bans, as there is no rush. He says to consult the Cyber Security Centre's guidelines for further information: Advice for victims of identity theft or data breaches | NCSC-FI (Link leads to external service).

He also advises people to give unreliable media sources or discussion forums a pass, as communities such as these are known to spread misinformation.  

Remember to use strong passwords 

Mesiä reminds people that they should never reuse the same password across different devices and services.

“This way, in the unfortunate case that a password is leaked, the damages can be limited to a single service. I also recommend using password management software, which makes it easy to save different passwords behind one strong password,” he says.

“The most important feature of a good password is its length. Passwords should be as long as possible, and it is good to include special characters and uppercase letters. Do not use a full sentence as a password. It is better to break it up with a special character.”

According to Mesiä, there is no need to start changing passwords until a specific request to do is issued. 

Expert tips for improving your data security 

  • Make sure your devices and apps are up to date with the latest updates. 

  • Use multi-factor authentication whenever possible. In this case, a person meaning to steal something would need access to the device that you use for multi-factor authentication, in addition to your password and username, to gain access to your information. This makes you a much harder target for different kinds of attacks. 

  • Use strong passwords. Do not reuse passwords across different services. 

  • Remember to make backup copies. 

  • Ask for help if there is something you don’t understand or have questions about. For example, if you receive a suspicious message or file, please ask your organisation’s HelpDesk service for their advice before opening it. 

The City of Helsinki has also opened its own customer service channel for people affected by the data breach. Call tel. +358 9 310 27139 or send an email to kaskotietoturvatilanne@hel.fi(Link opens default mail program) on Mon–Fri 8.00–16.00.

Page updated on 24 May 2024