Hackers have obtained 6.5 million LinkedIn passwords and posted them on a Russian hackers' website. After a brief period in which this unhappy development was merely rumored, it has been confirmed by security specialist Per Thorsheim.
The first thing to do, if you have not already done so, is to change your LinkedIn password. This is also as good a time as any to think about the passwords you are using, and how to make them stronger. "12345" is not a good password. Nor is "Password", "Princess", or any of a host of other all-too-common passwords.
(One good way to come up with a strong password is to abbreviate a phrase or sentence that you can easily remember, but that hackers could not readily guess.)
Once you have changed your LinkedIn password, the next thing to do is give some serious thought to online social networks and how we use them.
As social sites go, LinkedIn is professionally oriented and outwardly innocuous. People do not post their tipsy party pictures there. All the same, your LinkedIn page may have more personal information than you realize. If you post your resume, it provides a sketch of your whole life from college on. And, increasingly, LinkedIn and other social sites provide connections to other sites, from which further personal information may be extracted.
Do not assume that major, popular social sites know everything about security and have taken all appropriate measures to protect yours. This latest episode is just one more demonstration that this is not the case. Social sites are in the marketing business, not the security or privacy-protection business.
A long-standing piece of general advice still holds: Don't put anything online that you would not want to turn up on the front page of the New York Times. Or on a Russian hackers' website.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."