Posts made in July, 2016

Are My Personal and Business Email Accounts Compromised?

Posted on Jul 20, 2016 in Email, Security

Are My Personal and Business Email Accounts Compromised?

Are My Personal and Business Email Accounts Compromised?

By now you are probably aware that in May 2016, over 200 million email addresses and passwords across a few email providers including Gmail, Yahoo, Hotmail, and Russia’s mail.ru service were compromised. Combining with the email addresses, over 1 billion usernames and passwords were also compromised. This latest hack has reminded us all how easily accessible our private web-based information can be obtained, and that vigilance is vital.

These attacks and the theft of information was not only against these email providers, but also over 420,000 websites including Fortune 500 household names and small internet sites, according to Hold Security, a leading security firm in Milwaukee, Wisconsin. According to founder Alex Holden, these “hackers did not just target U.S. companies. They targeted any website they could get, ranging from Fortune 500 companies to very small websites… And most of these sites are still vulnerable.”

While there are many who are concerned that keeping personal information safe, there are a few things that people and businesses can do to bolster their security.

Both:
Check your email address for compromises at a website that does it free like http://haveibeenpwned.com/. And learn how to discover for yourself if your account is compromised: Google Mail, Yahoo Mail, Hotmail.

For Business

  1. Require customers who have web-based accounts on your platforms to reset passwords every 90-180 days.
  2. Require internal personnel to reset passwords every 45-90 days.
  3. Require complexity of passwords especially a minimum length that does not mirror any other information in the customer account (name, address, birthdates, etc.). The longer the password, the better. My recommendation is 14-25 characters.
  4. Hire a security team to test and verify privacy service levels are being met, and run the tests regularly (every 6-12 months).

Personally

  1. Use a tool like 1Password to create and manage passwords so that you don’t get taken advantage of by phishing scams.
  2. Use complex passwords everywhere. The 1Password app will help you accomplish this easier.
  3. Change your passwords on Internet accounts regularly (every 90-180 days).
  4. Never click links from emails that look like they are from your financial institution, instead browse to the site directly. Again, the 1Password app resolves this issue.
  5. When you are locked out of an account, only take input from two sources: the site that hosts the account or a qualified IT person. Never trust web-based recovery people that want to charge you.

While there is no way to prevent a hacker from hacking, as even the most secure government entities still have issues, we can all take additional precautions and steps to help secure ourselves from the casual attacker and phishing scheme.

Legal Disclaimer: Veragy is not affiliated and does not endorse the products or services offered by any externally linked site. They are mentioned for the perusal and thought provocation of the reader. Use at your own risk.

Read More