This past week, there was a security breach that exposed passwords for more than 6 million LinkedIn accounts. Passwords were accessed by hackers, and it is unclear if associated email addresses were also leaked. While the company says that no accounts were compromised, security advisors are united in recommending that you change your password. And if you used the same password on any other accounts, you need to change those, too. This is particularly important if any of those accounts are related to your financial data.
What can hackers do with that many passwords? They can sell them on the black market, they can add them to a phishing database, and they can try to access your accounts on popular sites using your same email/password combo. Accessing your email would be particularly damaging because criminals could potentially gain access to more sensitive information and data, and they could send emails out under your account to try to hook your colleagues, friends and family, who would think any emails were coming from you.
The practice of posing as you via emails is called spear phishing. We encourage you to read and take action on our prior post Spear phishing: Train your employees in e-mail security. Even if you are secure, your organization can be exposed if one of your employees falls for this ruse.
In addition to the tips we offered in the spear phishing post linked above, here are some further security tips – please feel free to circulate all our tips to your employees.
- Use separate passwords for your key accounts such as your bank and your email. Do not re-use those passwords on other sites.
- Think twice about letting any person or any service have access to your email account. Today many social networks ask you to grant access to your address book. Hmmm. Maybe not such a good idea.
- Create strong passwords. Microsoft Security Center offers simple advice on creating strong passwords, as well as a secure password checker, a tool that you can use to test the strength of a password. Also, see this article: Fix Your Terrible, Insecure Passwords in One Minute for a pretty good technique.
- Change passwords regularly, particularly for key accounts.
- Consider a password managing service. Services such as LastPass, KeePass, and 1Password help you to manage passwords securely.
Finally, beware of the opportunistic criminals who are taking advantage of this breach. If you get any emails that look like emails from LinkedIn inviting you to click to change your password, it is likely a trap. It’s a good idea to get in the habit of hovering your cursor over links to reveal where they really lead before you click. This article explains: What does it mean to “hover over” a link to check its validity?
If you are a current member of ESI EAP, sign in to access our Cyber Safety Resource Center – there are a wealth of resources and tools to share with your staff. If you are an employer and you do not have a comprehensive Employee Assistance Program with 24/7 member access, give us a call: 800-535-4841.