This week an astonishing 773,000,000 records were released in a monster breach. Security researcher Troy Hunt first reported the data set, which includes 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum.
Hunt reports that the data was posted online for anyone to take, not even put up for sale in the dark corners of the web. In fact, not only is this the largest breach to become public, it's second only to Yahoo's breaches, which affected 1 billion and 3 billion users, respectively. Fortunately, the stolen Yahoo data hasn't surfaced yet, but there's a good chance that if your information isn't out there yet, it will be soon.
What can you do?
After your data appears in a hacker forum or somewhere on the Dark Web, there's no way to take it back. For many, this is a wake-up call to take better care of password safety.
- Use STRONG passwords. In this particular case, it doesn't matter how strong your password is: if it's out there, it's out there. But using strong passwords is a general safety tip that helps prevent many other types of cyber attacks.
- Use UNIQUE passwords. NEVER use the same password (or simple variation) for multiple sites or applications. Your banking passwords should not be the same as your gym membership password.
- Change your passwords frequently. When you hear about a major breach, this is a good reminder to change your passwords, as it could be a long time before your credentials wind up for sale. Think of it like changing batteries in your smoke detectors. Use some calendar event (daylight saving time?) to trigger the change. Anything is better than using the same password for years.
- Use a password manager. Think about it. If you need to use STRONG passwords, and UNIQUE passwords, that you change regularly, there is no way to remember these. If just one employee in your organization cuts corners, this could put you and your organization at risk.
- Get Dark Web Monitoring to protect your business. When breaches make the headlines, everyone takes notice, but this activity happens frequently, and your data can be for sale on the Dark Web long before anyone publicly announces a breach. Think of Dark Web Monitoring as an early warning system.
- Use Two-Factor Authentication wherever possible. If your password is compromised, no one can get access to your stuff without the second authentication factor. Many users see this as an inconvenience, but it's a critically important safety measure to safeguard your information.
- Educate your employees on cybersecurity. One weak link and your business may be at risk. Too many users still think "it won't happen to me", and too many SMBs think they're under the radar because they're too small.
For more information on the latest breach, check out a comprehensive summary in Wired Magazine.
At Ekaru, we're on a mission to provide enterprise-class service to small businesses. Please give us a call if you have any questions, or to assess your current security situation. We're here to help!