Data Protection and Password Security Update: LinkedIn
On June 7, LinkedIn disclosed that “some LinkedIn member passwords were compromised.” Per LinkedIn disclosures on their blog http://blog.linkedin.com/2012/06/07/taking-steps-to-protect-our-members/ ”LinkedIn learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.” They continued, “no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.”
There are a few important lessons to pass along given the recent data protection disclosure by LinkedIn:
Separate Company from Personal
You or your employees may have a variety of social media accounts. It is a good data protection policy to use separate email and password combinations for personal use versus business use. Where possible, use a personal email and password combination to set up and access your Facebook, Twitter and LinkedIn accounts. Discourage employees from using their business credentials on social networks. In the event that an email and password combination is compromised, there is a lower probability that your vital systems will be hacked if your company is not associated with the data leak on a social network.
Data Protection Can Lower Exposure
When it comes to data protection and backup, the first thoughts are rapid recovery from lost data. These same techniques also apply to hacked data. By having daily backups of your data companies can better pinpoint what data may have been compromised during a security breach. Security disclosure regulation procedures vary by state and country. You may have a requirement to report to local authorities in addition to notifying your customers. If you know “what data” was compromised ,you may be able to minimize “who you need to notify” in the event of a data protection and security breach. Based on their report; LinkedIn was able to quickly identify accounts compromised and notify customers within a day of detecting the security compromise.
Communicate Quickly When Security is Compromised
In addition to physical security, network security, antivirus, antimalware, O/S security patch and remote data backup, it is important to have a protocol for communications in the case of a security breach. Make sure you know who in your organization will communicate and how the communication will take place in the event your sensitive data is compromised. Communication is a key to recovering from an unfortunate password security breach.
Data protection and password security breach is a reality in today’s connected world. It is as important to proactively enforce security policies, as it is to quickly respond and communicate when a breach occurs. Consider having your trusted IT advisor perform a data protection audit to identify any security risks in your data protection plan.