Let’s face it, 2016 was rough when it comes to online security. From major celebrities to Fortune 500 companies, it seems no one was safe from these increasingly sophisticated hackers. As more and more of our lives are tracked online, it’s more critical than ever that we take all the necessary steps to keep our sensitive information safe. Heading into the final weeks of 2016, let’s reflect on the past year to see what we can learn from prior breaches and how we can change our behavior to avoid becoming a victim of the inevitable next security breach.
Here’s a roundup of some of the biggest data breaches this year:
At the end of February this year, the widely popular messaging app admitted that data of some of its employees, current and past, had been compromised. The scammer was able to obtain some of the data by impersonating the company’s CEO, Evan Spiegel in an email requesting payroll information. Snapchat claimed it took action within four hours and reported the incident to the FBI.
The takeaway: While the good news is that Snapchat’s user data was safe, this incident proves that even the hottest, most tech savvy companies are vulnerable to data breaches. Educate employees on how to detect potential phishing scams with trainings, reference materials on the intranet, or even through fake phishing tests.
In what was thought to be one of the largest data breaches in recent history, Yahoo! lost 500 million usernames, passwords, telephone numbers, dates of birth, and even security questions that was eventually linked back to a hack that occurred in 2014. If that wasn’t bad enough, just yesterday we learned that 1 billion Yahoo accounts were compromised from a breach in 2013. The company claimed they were slow to report the breaches because they were unsure of who was responsible. They urged all users to change their passwords immediately.
The takeaway: Our accounts are more than just an email and a password. Every account requires different information when you sign up – phone number, address – and all of that can be stolen in a breach, and then used by a hacker to find even more information on you.
While the original hack occurred in 2012, a second wave hit LinkedIn this summer when news broke that hackers were selling login credentials of 117 million LinkedIn users, including Facebook founder Mark Zuckerberg, on the black market. To make matters worse, the breach highlighted the company’s lack of clarity on what level of security they even offered.Back in 2012 when the data was originally stolen, it’s unclear what level of encryption LinkedIn applied to passwords, which creates a lot of uncertainty around how this breach actually occurred.
The takeaway: Sometimes changing your password isn’t enough. Users should turn on two-factor authentication when possible. This added layer of security sends a notification to your phone each time your account is logged into from a new device.
In November, a hack against the popular adult dating and entertainment company FriendFinder Networks exposed data related to more than 412 million user accounts, marking the second hack the company has endured in as many years. The stolen data stretched back 20 years and included information such as usernames, emails, join dates, the date of a user’s last visit, and even passwords.
The takeaway: Reports claimed that nearly 15 million email addresses were linked to deleted accounts. This is a great reminder that every password matters. Even if the account is one you only plan to use once and delete, you should still create a strong, unique password for it to prevent any compromising of your information after you’ve left the account in the dust.
Looking ahead to 2017
So what can we learn from these breaches? How can we best prepare ourselves for the potential threats that 2017 holds? If these breaches taught us anything, it’s that everyone and every company is at risk. Hackers are getting smarter and thinking bigger. Companies need to be taking security more seriously. Every company should educate employees on best password practices, require the use of a password manager, and setup user verification (think 2FA) wherever possible.
However, there is a lot we can and should be doing as consumers. The biggest takeaway from the great breaches of 2016 is that every.single.password matters; don’t skimp and get lazy. Make each password unique and you’ll be much less likely to be a victim of a breach in the future. Also, take a page from what these big companies should, or already are, doing: sign up for a password manager like LastPass and set up two-factor on accounts like your finances and email.
To learn more about password managers and how to keep your sensitive information safe, head over to www.lastpass.com.