On January 17, 2018, the largest data breach in history occurred. A massive database containing 772,904,991 unique email addresses and more than 21 million unique passwords was recently posted to an online hacking forum, according to Wired.
770 million people’s Personally Identifiable Information (PII) was decrypted, cataloged and released on the Internet. The files, called Collection #1, were originally found on the cloud service MEGA and later posted to a popular hacking forum.
What Is PII?
Personally Identifiable Information is any form of data that can be traced to an individual, such as a Social Security number, name, gender, address, telephone number, email address, or biometric data. PII is used in all offline and online IT applications, services, websites and organizations, which store and maintain it for multiple functions and processes.
What Should You Do To Protect Your PII?
To see if your information was in the Collection #1 data dump, go to HaveIBeenPwned.com. After you enter your email address, you can scroll down and see whether your data was included in the Collection #1 data leak.
If you are on any of the lists that come up, change your passwords immediately. We also recommend using a password manager and following password best practices.
What Are Password Best Practices To Protect PII?
Password managers automatically store your login credentials for the various sites you visit. Passwords are encrypted in a database using a master password, so all that your employees need to remember is their master password.
When creating a new account, the first thing to do is to choose a master password. This controls access to your password management database. Make sure it’s a strong password that you can remember because it’s the only one you’ll be using. You can change it later if you need to.
Your master password can be connected to Active Directory, which means you can use this one password to log in to computers, send emails, and sign in wherever you need to use a password. And when your passwords need updating, you only have to change the master password.
To use the password management software, you visit a site and instead of keying in a unique password, you input your master password for the password management software. The program automatically fills in the appropriate login data for you. You can also configure it to store your email address, username and other data.
What Are Some Password Management Programs To Use To Protect PII?
A variety of password managers are available, but you want to choose one that’s designed for business use. There are many solid options. We’re listing some here that are recommended for small businesses.
- LastPass for businesses provides a centralized control dashboard, convenient secure password sharing, automated user management, federated access so employees can log in with their Active Directory credentials, secure password storage where employees have their own vault for storing every app and web login they use, and two-factor authentication options to ensure no one can log into your password vault.
- Splikity uses military-grade encryption to remember passwords and automatically saves and syncs them across all your devices. This helps if your employees are always on the go and use mobile devices to sign into sites. It utilizes the strongest security in the industry, and they run continual security tests to ensure your passwords remain secure.
- Dashlane works on almost every platform: Windows, OS X, iPhone, iPad, and Android. There’s an extension for every major browser. It includes features like a security dashboard that analyzes your passwords. Dashlane for Business is designed for easy use by both technical and not-so-technical people. Onboarding is painless, secure sharing of company information is simple, and it offers features like autofill and auto-login, and secure group sharing. It also provides both business and personal spaces that let your employees store both their professional and personal accounts.
- Keeper Security gives your team members on-demand access to encrypted passwords, applications and websites. With a Private Master Password, only the user knows the Master Password used to encrypt and decrypt information, thereby maximizing security. Keeper Security utilizes multi-factor authentication, including a biometric login and Keeper DNA to confirm identity. User data is encrypted and decrypted at the device level, not on Keeper’s servers or in the Cloud. And Keeper protects your information with AES 256-bit encryption and PBKDF2, widely accepted as the most robust encryption available.
- Sticky Password is an ultra-secure password manager where you use your fingerprint to authenticate your identity on a mobile device. It also provides a random strong password generator and will autofill forms for you, saving time and trouble. It also uses 2‑step verification, military-grade AES‑256 encryption and biometric authentication. And a portable password manager lets you access your encrypted data even on computers that aren’t yours. Share passwords and logins securely, grant, remove and manage access, set permissions and more.
- KeePassX is an application for people with extremely high demands for secure personal data management. KeePassX saves many different forms of information (e.g. usernames, passwords, URLs, attachments and comments) in one single database. For better management, user-defined titles and icons can be specified for every single entry. Entries are sorted in groups, which are customizable as well. The integrated search function allows searches in a single group or the complete database. The password generator is very customizable, fast and easy to use. Someone who generates passwords frequently will appreciate this feature.
There are many more Password Managers to choose from. And there are also password management tools where you provide a one-time link so an authorized person can use the password for specific purposes. Once they use the password, it expires!
What Are Some Other Ways To Protect PII?
- Use a different password for each account.
- Use long passwords–the longer, the better.
- Use special characters, numbers, and capital letters.
- Change your passwords every few months.
- Don’t write down passwords, whether they’re on a piece of paper or stored somewhere.
- Don’t share passwords via email, text, or chat.
- Don’t use easily identifiable information, such as a birthday or a child’s name, in your passwords.
- Don’t use generic passwords like 12345.
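The checklist above can be partly automated. The following is an added example, not part of the original article: it audits a set of account passwords for the rules that can be tested offline (reuse, length, character types, generic passwords, personal information). The 12-character minimum, the short generic-password list and all sample accounts are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample; a real audit would load a much larger list of common passwords.
GENERIC = {"12345", "123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumption: the article only says "the longer, the better"
# Character types the checklist asks for: capital letters, numbers, special characters.
REQUIRED_CLASSES = [r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def audit(accounts, personal_info):
    """Return {account: [findings]}; an empty list means no rule was violated."""
    reuse = Counter(accounts.values())
    # Ignore very short tokens so that "Al" or "Jo" does not match everything.
    tokens = [t.lower() for t in personal_info if len(t) >= 4]
    report = {}
    for name, pw in accounts.items():
        findings = []
        if reuse[pw] > 1:
            findings.append("reused")
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        if not all(re.search(c, pw) for c in REQUIRED_CLASSES):
            findings.append("missing-character-type")
        if pw.lower() in GENERIC:
            findings.append("generic")
        if any(t in pw.lower() for t in tokens):
            findings.append("personal-info")
        report[name] = findings
    return report


# Constructed sample data: account name -> password, plus the owner's personal details.
SAMPLE_ACCOUNTS = {
    "mail": "12345",
    "bank": "Emma2011!birthday",
    "shop": "Emma2011!birthday",
    "vpn": "t7#Vq!mZ04-pLw9&xK",
}
SAMPLE_PERSONAL = ["Emma", "2011", "Las Vegas"]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items():
        print(f"{account}: {', '.join(findings) or 'ok'}")
```

Run it only on a trusted machine and never paste real passwords into a shared script or log; a password manager's built-in security dashboard performs the same kind of check inside the encrypted vault.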
This breach and others shouldn’t be taken lightly. If you need help securing passwords, or assistance for other business IT needs, contact the IT Security Experts at Network Heroes in Las Vegas.