What does the LinkedIn hack mean for my Business?
In 2012 LinkedIn was the victim of a significant breach that resulted in the email addresses and passwords of some users being compromised. Initially it was believed that only a small number of users' details had been caught up in this incident. However, in May 2016 a much larger number of users' details began to be offered on illegal dark-net sites.
What does this mean for me?
If you were a member of LinkedIn in 2012, there is a good chance that your email address and password at the time were compromised. LinkedIn has now taken steps to reset the passwords of all impacted accounts. However, if you simply reused the same password, or you used the same email address and password on other sites, you could be at risk of having your accounts compromised.
What does this mean for my business?
Because LinkedIn is a service aimed at professionals, it is not uncommon for work email addresses to be used on it. If you or any of your employees created an account with a work email address and reused a password that is also used elsewhere (e.g. for work email or online service access), your business could become a target for cyber criminals.
Email addresses caught up in the LinkedIn breach and other breaches have also begun to be more actively targeted with spam and phishing. As well as being annoying, these messages can be more difficult to spot when they use details from these incidents.
What should I do now?
Firstly: Don't Panic
While your account may have been compromised in a security breach, this does not necessarily mean that it has been exploited or that your identity, data or money has been stolen. However, you should take some basic actions and precautions to avoid any further damage:
Step 1: Reset your LinkedIn account
If you haven't already, you should log in to your LinkedIn account and reset your password. The following link will guide you through the process if you're unsure.
You should also encourage any employees that may have registered with their work email addresses to do the same.
Step 2: Find where your account is used
Next, you should work out which other services you have registered for with that email account. Think about the companies and services you interact with using this account, review any accounts you may have saved in your internet browser, search your email for new registrations and check your physical mail for useful reminders such as utility bills.
Step 3: Change critical passwords
Once you understand where your email address is used, you should log in to each service, check for any unexpected transactions and change the password to a strong password. You should prioritise the accounts that would be more valuable if they were to be compromised. These include:
- Banks and financial institutions
- Email services (e.g. Gmail, Yahoo)
- Government websites and services (e.g. myGov, CentreLink)
- Utility companies (e.g. phone, internet, gas, water, electricity providers)
- Personal computer logins and backup services
Incidents such as this are becoming more common and more difficult to protect against. At CyberAsk we're working to help businesses prepare for and respond to these incidents in ways that reduce the harm they can cause.
As a CyberAsk member, you will have us work directly with you to understand and build solutions tailored to your business and situation. If you would like to better understand the risks these types of events pose to you and your business, or would like some more guidance, please reach out for a free, no-obligation consultation:
Alternatively, if you'd like to do some more digging on your own, here are some useful links: