Security Alert! By Tom Clancy, VP Information Technology
Cyber thieves may have collected 1.2 billion passwords! What should you do?
Reports abound that Russian cyber thieves may have acquired 1.2 billion unique username and password combinations, and more than 500 million email addresses from 420,000 websites.
Whether or not such reports are accurate, we recommend a review of related data security principles and practices in light of this and other potential compromises.
Focus on the highest-risk accounts:
Some accounts represent greater risk than others. Accounts that require special attention include:
- Email accounts: These are often used to notify users of modifications or requests made in other accounts, such as requests for password changes.
- Accounts that provide access to sensitive personal financial information: online banking, 401K, IRA, stock trading, etc.
Ensure that sensitive accounts:
- Have unique passwords: DO NOT use the same password on multiple accounts.
- Use the strongest password (length and complexity) that the application will allow.
- Use 2-factor authentication and other additional authentication techniques where available.
At a minimum, do the following:
- If you have used the same password on multiple sensitive accounts, create new unique passwords for each of them.
- If you have used weak passwords on sensitive accounts, replace them with strong passwords.
- Change passwords on any email accounts used to receive notifications of account modifications.
Key takeaway – this is not the first time passwords and email addresses have been compromised, and certainly won’t be the last. Make sure you have an actionable strategy in place to protect your sensitive accounts.