Yesterday's news, that more than 6.4 million LinkedIn passwords have been breached, has many IT professionals on high alert.
CSOs are asking me how/if they should communicate this news to company employees and the need to immediately change passwords. The answer is a resounding yes.
Employee communication recommendation & email template
I highly recommend cyber security teams send out an employee alert explaining why LinkedIn passwords need to be changed and best practices for doing so. Sure, you may not have direct IT control over individual LinkedIn accounts, but your communication may alleviate social engineering attacks on employees and your network.
In addition, providing security guidance to your employees can only help your employee education efforts. This is an opportunity to provide your security expertise and increase internal awareness about the importance of cyber security. It can go something like this:
Today it was reported that more than 6.4 million LinkedIn passwords have been hacked. It’s highly recommended that all [insert company name here] employees and contractors change their LinkedIn password immediately. Taking this action will help prevent cybercriminals from breaking into your account, stealing your personal information, contacting your LinkedIn contacts, and potentially damaging your online reputation.
Below are a 5 password tips:
- Change your password regularly.
- Make your password longer than six characters and complex. For example, use a combination of numbers, letters, upper/lower case letters, and punctuation marks.
- Do not use the same password for multiple websites.
- Avoid using obvious passwords. For example, your address, birthday, “password,” or 12345.
- Save your usernames in one document and save your passwords in another document. Don’t title it “passwords.”
In addition, if your password at work is similar to your LinkedIn password it could potentially affect the security of our organization. If your work password is similar, please change that as well.
If you have any questions or concerns, please send the [insert company name here] cyber security team an email [insert email]
Thank you for your time.
There’s also a larger data loss prevention issue that needs to be addressed in light of this possible LinkedIn breach. Stay tuned. I’ll cover how cyber security teams can tighten security on their network in my next blog post.
Have you shared the LinkedIn news with your company? Or have a question for me? Feel free to leave a comment below.