Last week, LinkedIn made a surprising announcement: data from a security breach that occurred at the social networking company in 2012 just now became available online — four years after that fact! Luckily, the only data revealed was member email addresses, passwords, and LinkedIn member IDs. But that information is often enough to execute the kinds of “social engineering” scams so prevalent today.
Social engineering occurs when hackers scour the Internet for information pertinent to a company and its employees. Then, using email accounts that look suspiciously like those of key executives at the business (think email@example.com instead of firstname.lastname@example.org), those hackers will try to initiate financial transfers, direct users to click on illicit links, or urge employees to open and review an attachment that can install malware, ransomware, or other viruses on computers and networks.
In the case of this LinkedIn breach, hackers are taking over profiles to send direct messages and post stories that appear to be legitimate. Say you have 250 connections, many of whom know and trust you. If a hacker takes over your profile, and those 250 connections click on an infected link and cause harm to your computer, how do you think that will affect your reputation among your professional circle?
Luckily, the extent of the breach, which was revealed in 2012, is limited. LinkedIn acted fast to invalidate all the passwords for those accounts created prior to 2012 that had not reset their passwords. Anyone who created a profile AFTER 2012 is relatively secured thanks to LinkedIn’s more advanced password protection, which includes two-factor authentication. The company is also employing the kind of advanced and automated network security tools that IT companies like CMIT Solutions rely on every day to analyze Internet traffic and block suspicious activity.
What else can you do to prevent your data from being compromised by a similar kind of breach?
1) Create strong passwords that are unique to different accounts.
The first rule of good password management? Don’t use the same password for multiple sites, which can increase the risk of intrusion or compromise. The second rule? Don’t waste time trying to remember all those individual passwords. That’s where a strong password manager built for your business needs comes into play. Imagine how much time you’d save never resetting passwords (and losing track of them) again.
2) Never open ANY attachment or click on ANY link that looks unfamiliar or suspicious.
The best rule of thumb for attachments? If you’re not expecting it, don’t open it. Same goes for links — if a friend or colleague sends an email or posts to social media about a viral video or current events news story, think for a minute about whether it fits their character before you click on it.
3) If a work email seems off, examine the email address (not just the account name) carefully.
The easiest ploy in the social engineering world is naming an email account with the exact name of a company’s CEO or other executive. But remember than anyone can name an email account anything they want — that’s why you should always make actual addresses visible in whatever email client you use. That way, you can check the spelling of the domain name whenever you receive what seems like a strange request.
4) Implement layered network security solutions.
Truth be told, you can take all the precautions in the world — and a hack or data breach can still happen. That’s why a layered or “umbrella” approach to security is so important. At CMIT Solutions, we know that proactive monitoring, anti-spam, anti-virus, anti-spyware, and anti-malware isn’t enough to achieve total security. Which is why we rely on extra security tools that analyze Internet traffic, filter websites for content, and watch out for targeted intrusions BEFORE they occur.
5) And since no one layer of security can provide 100% protection, make sure your data is backed up securely and easily recoverable.
When it comes down to it, the best way to prevent data loss or compromise is to regularly back up critical information to remote locations, both in the cloud and on premises. That way, any intrusion can be remediated by wiping machines clean and starting fresh from a reliable backup.
Data breaches and other security compromises continue to come at us from all directions — and, as this LinkedIn hack proves, can sneak up on us years after they actually occur. That’s why CMIT Solutions is dedicated to helping our business clients survive and thrive in today’s complicated IT world. No security solution is 100% effective, but the more layers you put between your systems and the cybercriminals looking to infiltrate them, the safer you’ll be. Contact us today so that we can worry about your IT — and you can worry about running your business.