TECH TRENDS
to be thinking about the endpoint , where that information is stored .
Having that in place means a hacker will need to have access to a personal phone or that installed app if they do crack your password .
2 . Change your email password
This will need to be prioritised above and beyond every other saved website in your vault , because your email account itself is another treasure trove of information .
If a hacker has got access to your email and the password you have saved on a platform like LastPass , that hacker has got the keys to your kingdom . When we reset a password , the link is sent directly to our email addresses , so hackers will be able to change it to whatever they want , locking you out and giving them free rein to all of your important websites . It is also worth clarifying that 2FA or MFA will need to be applied to this , too .
3 . Work to a priority list and change all of the passwords to all of your websites
This is a time-consuming tip but one that is totally necessary if you are to avoid being stung further down the line .
All the passwords will need to be changed , in line with best practice recommendations and have them randomly generated . That is a huge job , especially for those businesses that have got hundreds of users using LastPass , so the best solution is to create a priority list and work through it as quickly as possible .
Just like your business , there will be areas of that data that hackers will prioritise – the low-hanging fruit and easy opportunities .
In terms of priorities , focus on the websites that are critical to business function , starting with your banking and government platforms and moving down the list to the accounts you have on the website that are critical to performance , which will differ from company to company .
4 . Be aware that all of your URL lists were unencrypted !
As a result of this , the recent breach on LastPass means that hackers have knowledge of what websites users were accessing .
This will no doubt lead to cyberattacks , like phishing and smishing , so it ’ s important LastPass users are wary of the communications coming their way and exercise caution . Things may not always be what they seem
5 . Decide whether you want to stay with LastPass
Last , but by no means least , this is the biggest decision users of LastPass will need to make as part of their IT strategy in 2023 .
As painful as moving to a new password management website is , LastPass has got to regain customer confidence . Anyone who is educated on this space – the topic of cybersecurity – will have serious concerns about what happened and will need reassurances over how LastPass is both managing the current situation but also reassuring them that it won ’ t happen again .
It ’ s not an easy decision to make . The cost of change is high , and this isn ’ t something any business wanted to have hanging over their heads when they walked back into 2023 .
And I ’ m sure those steps are being taken by LastPass to rectify the situation . However , as we alluded to earlier , the ramifications of this breach are not over and we will not really know the true extent of it for a while yet .
Final thoughts
The breach on LastPass has happened and customer data has been taken . That ’ s a fact – a potentially scary one that cannot be changed .
What individuals and businesses can do , though , is take action now to ensure they ’ re as protected as possible when the consequences of this cyberattack take shape and come to light .
While it is a timely exercise to make the changes outlined , it is a necessary one . Because if the hackers behind the LastPass breach manage to get the keys to the kingdom , there is no telling how much damage they could do to your personal life or the company that you have built up . x
THE FIRST THING TO MAKE CRYSTAL CLEAR IS THAT CHANGING THE MASTER PASSWORD ON YOUR LASTPASS ACCOUNT – AND TO THE RECOMMENDED BEST PRACTICE STANDARD – IS SIMPLY NOT ENOUGH .
www . intelligentcxo . com
17