Just this week alone, millions of LinkedIn passwords have been compromised along with 1.5 million eHarmony passwords and passwords from Last.fm. Was yours? Based on these recent events and ongoing learnings from the world of online and social media, I am sharing some suggestions on must do’s right now and some other tips to help protect you and your information online from my point of view and workings in social media/online.

The world of online connections and social media is a wonderful expanse of fast-paced information exchange and on the fly collaboration with both well-known colleagues and new connections alike. In addition to that, being able to conduct business in an online, electronic world through online banking, stock trading, and more brings great convenience to people everywhere, unleashing a new power to get things done from anywhere. But you know the famous quote about power, “With great power comes great responsibility.” In the world of online and social media, this principle holds true as well.

First, let’s start with the events of this week. It has been confirmed that millions of passwords from LinkedIn, plus 1.5 million from eHarmony, and passwords from Last.fm have been compromised. Not only that, but the hacker that has them is actively trying to recruit help in cracking them. What should you do if have an account on one of those sites? Change your password now. Go directly to the site itself (LinkedIn, eHarmony, or Last.fm) and go into your account settings and update your passwords. Whether your account has been breached or not, it cannot hurt to change your password (you should be updating them from time to time anyway), but it sure can hurt if yours has been compromised and you don’t change it!

Next, here are some other things to keep in mind and tips to help protect yourself and your information online:

1. Always go to the site itself. You will notice that above I mention going directly to LinkedIn, eHarmony, and Last.fm sites to update your passwords. Whenever you are looking to work with an online account of yours, one tip to help keep you safe is to avoid “security links” and go directly to the site itself. Why? Simple. There are many fake emails out today and phishing attempts that pose as security alerts or account expiration notifications and they provide a link the supposedly takes you to your account; however, in reality, they take you somewhere else to get your information or to load your machine up with code you do not want. If you ever receive a notification stating you need to update an online account of yours, instead of clicking a link and handing over your information blindly, go to the site directly by typing the web address (URL) into your browser, then updating your information directly from there.
   • Here is a fake PayPal notification I posted about here on the blog before that shows what I am talking about
2. Keep personal and private separate from open and public. Are you a part of social networking (Twitter, Facebook, LinkedIn, etc.) or have public accounts you use for shopping, rewards clubs, etc.? Do you also use your computer to do things like online banking, bill pay, stock trading, or other items that access and exchange your personal, private, financial information? Do NOT use the same password for your personal, private online accounts that you do for your open, public accounts. Why? Always ask yourself, what’s the worst that could happen? Well, if you have the same password for your eHarmony dating account that you use for your online banking and stock trading account, if your eHarmony password was one that was compromised, they now have your password to your online banking and stock trading accounts. That could be really bad.
   • One practice I recommend is have your “junk” passwords (not less secure passwords, but ones designated to public accounts) that you use for your online, public accounts like social networking, online coupons, email memberships, etc. and have completely separate passwords for any of your personal accounts. Think of it as a multiple layer/silo defense system. By separating public from private, in the event a public site is ever compromised, no one has captured anything that can give them access to your personal information. In addition, if you have separate passwords for each of your personal sites (banking, credit cards, stock trading, etc.), which I recommend doing, then even in the worst case scenario if one of those is ever breached, you still have it isolated to one account and one account only.
     • If you need help, there are several password generation/management services you can use.
3. Don’t share too much personal in public – Have you ever setup a security question for an account where you selected your security question and answer to be something like: Your high school mascot, your first car, your pet’s name, city you were born in, etc.? If you answered yes, now ask yourself, where in social media/online have you shared that information? For instance, do you have your high school posted somewhere or do you talk about your first pet? Maybe you reminisce about your first car on Facebook or another community site. At the end of the day, you’ve probably shared the answers to your security questions in forums where anyone can see the information. Always keep this in mind when you are setting up security answers/questions and then when you discuss your personal information online so you don’t accidentally give people the answers to your security questions.
4. Don’t click random attachments/links from people you don’t know or send personal/account information via email. This is another very common online/email/phishing scam where someone will send you a notification giving you of some form of security notice or account failure notice. It will then instruct you to open an attachment in an email or send your account/personal information back via email. DON’T DO IT! Again, if there is really something wrong with an account of yours, by going to the actual site itself in your web browser, you will see what you really need to do, if anything. Also, opening up unknown attachments can unleash a ton of trouble on your computer from viruses to trojans to total system corruption.
   • A perfect example of one of these malicious attachment attempts are the fake Microsoft security notifications that scammers send around telling you that you should open an attachment to clean your computer. Here’s a post I put up on these that shows more information and how to protect yourself from them.
   • Here is a fake Hotmail account notification example that I recently posted on where an email was sent out asking you to verify your account information via email to protect your account. Don’t ever send your account information/personal information via email. Go to the site directly!
5. Choose strong and different passwords. When choosing passwords for your online accounts, (especially ones like banking, stocks, etc.) always use strong passwords. By that, I mean, use a combination of letters (lower case and upper case), numbers, and symbols in your passwords. Substitute numbers for letters (3 for E, $ for S, @ for a, * for o, ! for 1 or l, etc.) Don’t choose something like: 123456, password, qwerty, letmein, abc123, or something really simple to guess, like your birthday, your name, your kid’s or spouse’s name, or any other publicly available information about you. Oh, by the way, changing password to pa$$word or p@ssword doesn’t really increase your security that much since those are such common passwords. (Want to know what the most common passwords are? Here’s several lists from Bing) Also, remember that you don’t have to use just one word in your password. You can use phrases, either with or without spaces depending on the site.
6. Remember that sites talk to each other. Here is a common mistake I see a lot! How many of you have a Facebook account, a Twitter account, a LinkedIn account, and/or a Foursquare account? Now, do you have different security set up for each? (Facebook only shared with friends, Twitter open to public, Foursquare only open to friends, etc.) If so, think about how your accounts are connected. Even if you have your Foursquare account only open to your friends, if you have Foursquare post your updates to Twitter (which you have open to everyone), you’ve now just broadcast your Foursquare check-in to everyone, regardless of who they are.  Take a look at this article How I became a Foursquare cyberstalker which I' have shared with people to read, using the example of he woman in the bar and how easy it was to track her. Are you putting yourself in that same position?
• Speaking of friends and networks, do you automatically accept all friend or connection requests you receive through sites like Facebook, Foursquare, etc. or do you only accept those who you truly are friends with? Keep in mind who you are letting into your online circles and make sure you are only letting in the right people.
7. Turn on your social media security. Speaking of sharing in #5 above, remember that you are in charge of controlling who you are sharing information with. When you set up your Facebook, Twitter, etc. accounts online, make sure that you are limiting your sharing to those groups/people that you want to share that information with. I shared out my Protect your Twitter and Facebook accounts! How to do it… post awhile back that gives you some more information on how to do this.
8. Hey, everyone. I’m gone for a month! There are several different online travel booking/sharing sites available which make it easy to share information about upcoming tips with colleagues and friends, but remember, if you are not limiting where you share this information, you are actually broadcasting to the world that, “John Smith is just about to leave for two weeks on a trip to Cancun!” In other words, John Smith is out of of town for two weeks and won’t be around at all for anyone who wants to know and is interested in John Smith’s whereabouts (be it for good or bad intentions). Just think about what you are sharing and who you are sharing it with. If you’re not sure or don’t know, you should look into it.
9. Don’t expose yourself in public (networks that is). With the proliferation of Wi-Fi availability through coffee houses, libraries, and more, getting online is becoming easier and easier. With this ease also comes exposure risks if you don’t protect your computer. Make sure that if/when you connect to Wi-Fi through a public location that you are securing your connection and your file sharing and discoverability are turned off. Here’s a quick overview on “Choosing a Network Location",” which is built into Windows 7 to help you protect yourself when logging on from public locations.

The list above is nowhere near exhaustive and is just a few tips I am sharing with you from my perspective. If you have others to share, please feel free to leave comments on this post below as I’d love to have them shared (be sure to check out the other posts I referenced above for some additional resources and info on this topic). Here are also a couple of other posts I have shared in the past with information and resources for you on this topic:

• How to avoid scams that use the Microsoft name fraudulently
• Online computer security: Protecting yourself, your kids online, your computer, and more.

As someone who loves the power of social media and online connections, I believe it empowers people to connect in so many ways they never were able before; however, at the same time, you just need to keep in mind what it is you are exposing and with whom you are exposing it when you get started in and participate in online and social media connections. Happy networking and I’ll see you online!

Did you find this information helpful? If so, you may want to make sure you are utilizing all of the areas I share information online, such as:

My Twitter account My Linkedin account My blog My Facebook page

Get the Microsoft Partner Info Mobile App and get access to the latest from all of those plus: product teams, MPN teams, Microsoft News and hundreds more resources here at Microsoft right on your phone:

Thanks again for being a reader of my blog!

Thank you and have a wonderful day,

Eric Ligman – Follow me on TWITTER, LinkedIn, and RSS and see “What I’m thinking”
Director, Worldwide Partner Experience
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights