Password been compromised?
You may get emails from service providers notifying you that your password has been detected in compromised password lists. These lists become public after data leaks from website services or companies that have lost your information to malicious persons.
You can manually check the email address you use with a public checking site like this one:
https://haveibeenpwned.com/
- Enter your email address into this website and see if that address was part of a previous data leak.
- If your email address is confirmed to be in a public password list, go and change your passwords for all services using your email address.
Password Creation
Generate a new password you can remember by combining two or more completely unrelated words with a few numbers or odd characters added, so the password ends up longer and too complicated to guess. Example: Examp1eGuru2 or FordMoneyLint3
Changing passwords often is a good habit, provided you change more than 50% of the password characters each time. Changing from mypassword1 to mypassword2 isn't good enough; this is too easy for malicious persons to guess.
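The 50% rule above can be checked at the moment a password is changed. This is an added example, not part of the original page: measuring the change with Levenshtein edit distance, ignoring letter case, and the function names are all assumptions of this example.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            curr.append(min(prev[j] + 1,          # delete from a
                            curr[j - 1] + 1,      # insert into a
                            prev[j - 1] + cost))  # substitute or keep
        prev = curr
    return prev[-1]


def changed_fraction(old: str, new: str) -> float:
    """Share of the longer password that had to be edited to get from old to new."""
    # Assumption: a change of letter case only does not count as a change.
    old_n, new_n = old.casefold(), new.casefold()
    longest = max(len(old_n), len(new_n))
    if longest == 0:
        return 0.0
    return edit_distance(old_n, new_n) / longest


def is_sufficient_change(old: str, new: str, threshold: float = 0.5) -> bool:
    """True only when MORE than `threshold` of the characters changed."""
    return changed_fraction(old, new) > threshold


if __name__ == "__main__":
    # Sample passwords are the ones used on this page plus constructed variants.
    # The old password is only known in plain text while the user is typing it
    # into the change form, so this check belongs in that step.
    samples = [
        ("mypassword1", "mypassword2"),      # one character swapped
        ("mypassword1", "1mypassword"),      # digit moved to the front
        ("mypassword1", "MYPASSWORD1"),      # case change only
        ("Examp1eGuru2", "FordMoneyLint3"),  # unrelated words
    ]
    for old, new in samples:
        verdict = "ok" if is_sufficient_change(old, new) else "too similar"
        print(f"{old} -> {new}: {changed_fraction(old, new):.0%} changed, {verdict}")
```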
Use "2 factor Authentication". Even if your password is known by malicious individuals, they will not gain access by password entry alone (you should still change the password).
Account Maintenance
As a precaution, make a list of all the services used by yourself or staff members. Information such as your date of birth and credit card details may be stored with a website service and could be used for fraudulent activity without your knowledge when information loss occurs.
Staff may innocently upload content/documents to external services, and as time moves forward this information remains resting on an online service somewhere. This is a perfect opportunity for malicious persons using a stolen password to steal important information that you may be unaware of.
Account Privacy
When you or a client/customer/staff member submits information to a service, whether online via the internet or to a physical entity, that entity is responsible for keeping the information private from unauthorised external persons. In the event of information loss to external persons, the entity must inform the users of that service that the event has occurred and what information was taken.
If that entity has discovered that a leak of information has occurred, you will need to change your password as soon as possible.
Issues exist where:
- You as the customer/client will not know how long ago the information was leaked or stolen other than what was reported (if recorded at all).
- If you own/operate a company or service storing customer information, internal information theft may occur and this information can possibly be leaked later with your existing letterheads. Additionally, staff movement between employers may provide information to an entity you yourself never engaged with (screenshots, document copying to external storage, document uploading to public internet services, mobile phone cameras, etc.).
- Computer equipment not wiped securely before disposal.
Summary
Human mistakes do happen (unfortunately), but it's important to know what information you are storing outside of your computer/documents folder to understand the issues you may need to rectify.
In the event enough information is found, it can be used to:
- Rebuild a false identity
- Pose as someone important to commit financial theft, such as changing the bank account number for payment in high-value email conversations
These few examples alone can cause serious damage to you or your business via financial and time losses.
Please get in touch with a trusted technical person and discuss how to prevent this information loss from occurring. If you expect your information to be stolen tomorrow, you will plan today.