An Australian Web Security Specialist, Troy Hunt, has compiled a database containing usernames that have been stolen in hacks and then published or sold. Some people use his site to look up their own email address or username.
His website is haveibeenpwned dot com. (In this case, Pwned refers to a condition of someone else having access to your login credentials.)

At his site, people enter their email address or any usernames they’ve used for online logins. Sometimes, they look up addresses of their family members. If there is a hit, the details of the breach are displayed on the site.

Even if not on the list, there is no guarantee that person’s credentials haven’t been stolen, but it still helps to know.

If you ever suspect that your login credentials to any website have been exposed, it is very important that you reset the password on that site, as well as any other sites where you may have used the same password.

There are other strategies to protect yourself. Enabling two-step-logon is very important these days since it can thwart attackers who know your username and password. Using a password manager, as opposed to letting your browser store passwords, can help make password security more convenient, but it still needs to be used carefully. These strategies are explained in detail elsewhere in this blog.

Forward this to anyone who might want to know if their username and password has been hacked.

The post More than 1 Billion Passwords Stolen – What to Do appeared first on Foster Institute.

This is the start of a new series called “What to ask your IT professionals.” This series will provide you, the busy executive, with quick and important questions to discuss with IT. This series empowers you, as an executive, to broach topics that don’t “come up” in ordinary conversation. The series addresses both security and best practices—and of course those two often go hand-in-hand already.

Here is what to ask your IT Professionals to help you protect your entire organization against “drive-by-download” attacks: “What security level is configured for the internet and for trusted web sites?”

Because web sites are one of the best ways for attackers to inject malicious software into your network, your users’ computers need as much protection as possible while still allowing them to effortlessly (effortlessly as related to their use of technology) do their jobs.

Modern browsers strive to make security settings easy and understandable by offering a few settings from which to choose. These are examples:

-High Security
-Medium-High Security
-Medium Security
-Pathetic Security but users will probably never complain

A really nice feature is that you can choose “High Security” by default and then make exceptions for specific sites that you trust.

When security is configured to high levels then, on occasion, users might receive a notice that “such and such web site is about to do a potentially bad thing. Is that okay with you?”

Though some won’t, every user who does heed the warning helps protect the security of your network.

Your IT Professionals know of strategies to reduce the number of “support calls” they would otherwise receive. Those strategies improve the users’ experience as well.

Too many IT security decisions are based upon the following notion: “Oh no! Will our users ever hear from their Guardian Angel? Let’s tranquilize her.” Because of this fear, by default from the manufacturer when the software is initially installed, most browsers use less-than-the-best security.

Ask your IT Professional to adjust, and at least discuss with you, the current settings on your organization’s browsers. The default security settings for untrusted sites are probably set too low.

Please forward this to your friends and post your comments below…

The post Is Your Guardian Angel Tranquilized? appeared first on Foster Institute.