Posted on Monday, January 23, 2017 in Cybersecurity. Blog written by Rob Swenson
The business-oriented, social media website LinkedIn suffered a large data breach in May 2016. It exposed about 164 million email addresses and passwords.
My personal information was among that data, but I didn’t pay much attention to the LinkedIn intrusion until recently.
I recently checked the data-breach status of my three most frequently used email addresses on the website www.HaveIBeenPwned.com. No activity was reported on two of them. The address that I use primarily for LinkedIn was the exception.
LinkedIn’s file actually had been breached in 2012, HaveIBeenPwned reports. But the hackers apparently set aside the information for four years before releasing it. In the world of cybercrime, hackers often hold stolen data for a while to let public concern cool down.
There’s not much I can do about the breach now but change my password again and, of course, keep watch for suspicious digital activity. The breach is a reminder of the constant threats to personal and business privacy that we all encounter every day.
Privacy is both a personal and business issue, and the two sometimes intersect. Hackers, for example, might seek and use personal information as a way to access business data.
The proliferation of online information and advances in the technical tools that hackers use require everyone to be more vigorous about protecting their privacy.
This is a good time to bring attention to the issue because Jan. 28 is recognized in the United States and in dozens of other countries as Data Privacy Day or Data Protection Day. The observance is promoted annually by countries and organizations to raise awareness of the importance of protecting online information in social networking and other locations.
Security experts at SDN Communications initially told me about the HaveIBeenPwned website. I was reminded of the site and its free service recently when I read a Consumer Reports story headlined "66 Ways to Protect Your Privacy Online." The story was originally posted in September 2016.
The first of the 66 tips listed in the story is to check your breach status, which I did.
An abbreviated version of the Consumer Reports story lists seven steps that people in a hurry can take to protect their information. It’s a good time to check out “The Consumer Reports 10-Minute Digital Privacy Tuneup.”
The top suggestions in the shorter story include using screen-lock passwords or PINs on every connected device and always keeping your operating systems and software up to date.
“Hackers are always exploiting more vulnerabilities, while security pros play nonstop malware whack-a-mole,” the Consumer Reports story says.
That’s a colorfully accurate way to describe the constant challenge that professional service providers face. The burden on individual computer users also is a constant and intense challenge.
The Federal Trade Commission’s website is among the public resources available to help individuals and businesses protect their digital privacy. The commission’s tips to help people increase computer security include the following:
- Use security software that updates automatically.
- Treat your personal information like cash.
- Check out companies to find out who you’re really dealing with.
- Give personal information over encrypted websites only.
- Protect your passwords.
- Back up your files.
The FTC offers an abundance of online resources to help businesses protect data. Companies that manage confidential information are encouraged to start every process with security in mind.
“Factor it into the decision-making in every department of your business – personnel, sales, accounting, information technology, etc. Collecting and maintaining information ‘just because’ is no longer a sound business strategy,” according to the FTC.
“By making conscious choices about the kind of information you collect, how long you keep it, and who can access it, you can reduce the risk of a data compromise down the road,” the agency advises.
That’s a good suggestion. Stockpiling data for no reason does not make any sense. Businesses have an obligation to be more selective and more responsible. Consumers, meantime, should be more careful, too.