Social media can be a playground for cybercriminals. These thieves have become so sophisticated, they can glean your personal data from sites without even hacking into a system. This is exactly what happened with the recent LinkedIn data breach. In fact, there wasn’t a breach at all. Instead, users’ data was “scraped” and then put up for sale on the dark web by cyber crooks.
Cybercriminals have become so cunning; it may seem impossible to protect yourself and your customers from falling victim to these crooks. However, there are ways to stay safe. But you will need to take some initiative to protect what should stay private.
Understanding Scraped Data from LinkedIn
According to reports, 700 million LinkedIn records appeared for sale on a hacker forum back on June 22, 2021. This data included email addresses, full names, phone numbers, physical addresses, geolocation records, employment experience, and more. This was after a similar breach in April.
A statement from LinkedIn reads, “We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites.”
It seems that the information was ‘scraped’ from the LinkedIn site by bots that load, copy, and catalog the information of all of the company’s users in a systematic manner. The same thing has happened in the past with Facebook.
Protecting Yourself from Scraping
All companies, big and small, can become a target for data theft. And, as we have learned from the LinkedIn scraped data situation, a cyber-attack or data breach doesn’t even need to occur in order for your client’s information to be stolen. This means it is imperative you go on the offensive to keep customer information safe. It is best to employ one or more of the following strategies:
-
Find Gaps in Security
An internal data privacy assessment will help detect weaknesses in your digital security practices. It will uncover all of your information security flaws, as well as what could lead to future problems and how to protect your company and customers. An internal data privacy assessment can also determine which information you need to keep and how to securely dispose of it when it is no longer required.
-
Rate Limit Individual IP Addresses
One of the first steps websites can take to combat web scrapers is to block requests from computers that are making them too fast. Thousands of requests from one user are sure signs a bot is being used. However, some proxy services, VPNs, and corporate networks display all outbound traffic as coming from the same IP address, so you could unintentionally block a large number of legitimate users.
-
Use CAPTCHAs
CAPTCHAs are designed to distinguish humans from computers by posing problems that are simple for humans but difficult for computers to solve. CAPTCHAs are useful, but they should be used with caution. Your users may find them extremely irritating, and if you don’t stay up-to-date with the latest version you could quickly become unknowingly at risk.
-
Regularly Change Your Website’s HTML
Scrapers rely on finding patterns in a site’s HTML markup, which they then use as clues to guide their scripts to the correct data. You might be able to frustrate the scraper enough that they give up if your site’s markup changes frequently or is inconsistent.
Privacy & Data Breach Solutions
It is hard for small businesses to do it alone when trying to ward off cybercrooks. Most will find great benefits come with finding a partner who can help you take the next steps toward protecting your business and your customers. This is why AccuShred offers small businesses CSR Readiness Pro.
The CSR Readiness Pro suite helps reduce the risk of data falling into the wrong hands with the CSR Readiness Pro Risk Assessment and award-winning patented Breach Reporting Service. You can further develop your organization’s protocols to increase data security both on and offline once you’ve identified potential gaps in your cybersecurity measures using the self-assessment tool.
AccuShred is committed to the data security of your small business. Contact AccuShred today for more information on CSR Readiness Pro and to see how we can help keep your data secure.