Securing Your Online Accounts
Whether you have a mom-and-pop shop or a huge corporation, online security has never been more important, especially in light of recent criminal data breaches at social media sites LinkedIn, MySpace and Tumblr.
In what is the online equivalent of a superstore break-in, hackers stole and then tried to sell what they claimed were 117 million LinkedIn email addresses and passwords. This is a huge deal because lots of people routinely use the same password on multiple sites, meaning hackers could use one piece of stolen info as a gateway to break into banking websites and other key accounts.
If your LinkedIn info was stolen, LinkedIn was supposed to notify you with instructions to reset your password and consider adding two-step verification. Regularly changing passwords – and using long passwords that are a mix of letters, numbers and symbols – should be routine at every home and office these days.
But I admit, when I first heard about the breaches I had to think, “Did LinkedIn notify me? Do I still have a MySpace account? Did I ever use Tumblr?”
We’re all super busy, and it’s easy to get lazy about personal online security – just as it’s easy to forget to lock your front door or your car. Make no mistake, cybercrime is very real and growing more sophisticated every day. There’s malware, email worms, like-jacking, link-jacking – the threat list goes on.
To alert ASI members to the latest breaches, ASI’s CTO, Armughan Rafat, sent an advisory email I’m sharing in full below. Please note: the LinkedIn, MySpace and Tumblr breaches are not related to your safe, secure ASI accounts and, unfortunately, ASI cannot help you change settings to your personal external accounts.
Here is Armughan’s email:
If you have used LinkedIn, Tumblr or MySpace, I highly recommend you take the following actions to protect your account(s):
If you already changed your password in response to a breach notification from LinkedIn, there’s no need to change it again. But if you wish to change it as a precaution:
- Log on to LinkedIn and select a new, unique password only used for LinkedIn. Never use the same password across multiple websites because criminals will use breached data to attempt access to your other accounts. Choose long passwords that are a mix of letters, numbers and symbols.
- As added security, enable two-step verification, which protects your account by sending a verification code to your cellphone when you sign on to LinkedIn from a device they don’t recognize. Get directions here: https://www.linkedin.com/help/linkedin/suggested/544.
- Log on and click your account “Settings,” located in your footer next to “Messages” and “Notifications.” Click on the “Settings Icon” to open your account menu options and change your password, following the cautions above.
- Log on and click “Settings” under the “Account” menu at the top of the dashboard. Update your password in the “Password” section, following the cautions above. Click “Save.”
- As added security, enable two-factor authentication. Click “Settings” under the “Account” menu at the top of the dashboard. In the “Security” section, enable “two-factor authentication.” Enter your phone number and continue following steps.
- Use unique passwords for each of your accounts.
- If the site offers two-step verification or multi-factor authentication, enable it.
- Never use your employer-provided email account for your personal activities, as you have no ownership of the account.
- Search your email address (es) and usernames on the data-breach search service “Have I Been Pwned?” (victimized, in Internet-speak) at: https://haveibeenpwned.com/. This is a trusted resource that makes many of the publicly disclosed breaches searchable. Register your email address with the site to be notified in case of a breach.
For more information on the data breaches, please visit: