The recent huge password breach at social media networking site LinkedIn provides an object lesson in the need for improved IT risk management. After all, if a huge business such as LinkedIn can find itself with millions of users whose passwords may have been hacked, it only means that small and medium-sized businesses with access to fewer resources must be all the more diligent to use those resources to their maximum capacity.
In the case of LinkedIn, more than 6 million hashed passwords may have been breached, though the company has yet to issue any official numbers. The networking site, intended and used primarily for individuals in professional fields, posted a blog entry revealing the problem, explaining that: "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid. For security reasons, you should never change your password on any website by following a link in an e-mail."
LinkedIn has approximately 150 million users in all, which means that a breach of more than 6 million passwords represents a significant portion of the total user base, though by no means anything approaching a majority. Still, this is not the first time that LinkedIn has found itself in questionable waters when it comes to IT security and the privacy of its users. The 2012 Identity Fraud Survey Report produced by Javelin Strategy and Research found a "higher correlation between users of particular social media sites and actual fraud victims," according to Jim Van Dyke, the president of Javelin. "LinkedIn users actually had one of the highest correlations to fraud." Van Dyke added, however, "We are not saying that LinkedIn is causing fraud; rather, we are saying that there is an inarguable correlation in the data, which could be caused by several things."
One of those things could be a scenario in which hacking problems are an ongoing issue at the service. As a large internet presence, LinkedIn likely has access to many more resources in terms of money and talent than is typically true of a small or medium-sized business. Yet this does not mean that small businesses that allow users to create accounts for some form of online service need suffer the same fate. By leveraging the services of IT consulting firms in a targeted and efficient manner, even the smallest of companies can create an internet presence that will feature robust, multi-layered security for the benefit of its users.