Recently, 700 of the 758 million user profile records on LinkedIn were scraped and sold by “GOD user” TomLiner. The information was combined with data from other sources to create a fairly complex profile of users that includes full names, personal and professional experiences and backgrounds, physical addresses, LinkedIn usernames and profile URLs, genders, e-mails, phone numbers and other social media accounts and usernames. With a price tag of only $5,000, the data is almost guaranteed to be widely distributed, bringing a fresh new wave of highly targeted phishing campaigns and even identity theft.

LinkedIn released a statement saying that the scraping was not a breach: “it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.” Although a data breach technically did not occur, the millions of records can be used to orchestrate highly sophisticated social engineering attacks.

So, what can we do today to avoid being a victim of these attacks?  Unfortunately, there is no “silver bullet” that will just make this all go away.  However, we can employ a layered approach to email security that combines better spam and phishing protection, data protection and user education to significantly reduce our risk of being a victim.

Since we expect many of these attacks to come through email, the first layer of defense is a strong anti-spam / anti-phishing solution that uses advanced threat analysis and user behavior analysis to identify potential phishing attacks.  This solution should be combined with a data protection solution that limits and audits any attempts to send sensitive information out of the company via email.

The final layer of defense in any security solution (and the most difficult to solve) is user education.  The goal is to make security awareness part of your company’s culture.  And we all know, changing culture is extremely difficult, but not impossible.  A good end-user security education solution will provide bite-sized “micro” training sessions to make it easy for busy employees to complete training.  A good solution will also include an accountability component that helps managers ensure the training is being completed and the users are learning.  This accountability component should include quizzes after the training is completed, user training tracking and reporting as well as “pop quizzes” in the form of live phishing simulations to ensure users are paying attention and really making security part of the culture.

While these solutions will not guarantee you are not the next victim of a cyber-attack, they will certainly reduce the risk and put your company way ahead of many other companies.

If you would like to gain peace of mind by knowing for certain your network is secure, we conduct FREE third-party audits of your systems. If you are interested in a third-party audit of your network systems, please submit a request here: https://www.responsivetechnologypartners.com/free-assessment/. This is a “no strings attached” free service we conduct as a way to do our part in making sure we secure as many businesses from the bad guys as possible. Here’s how it works. First, we will have a quick 10-minute call to discuss your network. Then, we have an expert technician run an assessment of your network. After that, we will discuss our findings with you and provide expert advice on areas in your network that may be vulnerable. Please sign up for this service by submitting a request here https://www.responsivetechnologypartners.com/free-assessment/ or calling our office at (877) 358-9388.