Data Protection and Password Security Update: LinkedIn
On June 7, LinkedIn disclosed that “some LinkedIn member passwords were compromised.” Per LinkedIn's disclosure on its blog (https://blog.linkedin.com/2012/06/07/taking-steps-to-protect-our-members/), “LinkedIn learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.” They continued, “no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.”
There are a few important lessons to pass along given the recent data protection disclosure by LinkedIn:
Separate Company from Personal
You or your employees may have a variety of social media accounts. It is a good data protection policy to use separate email and password combinations for personal use versus business use. Where possible, use a personal email and password combination to set up and access your Facebook, Twitter and LinkedIn accounts. Discourage employees from using their business credentials on social networks. In the event that an email and password combination is compromised, there is a lower probability that your vital systems will be hacked if your company is not associated with the data leak on a social network.
Data Protection Can Lower Exposure
When it comes to data protection and backup, the first thought is usually rapid recovery of lost data. The same techniques also apply to hacked data. By having daily backups of your data, companies can better pinpoint what data may have been compromised during a security breach. Security disclosure regulations and procedures vary by state and country. You may have a requirement to report to local authorities in ad