Vimeo Shows IT Security How It’s Done

I recently received this message in my email from the video hosting service Vimeo, with whom I have an account. (No need to read the full text, summary below.)

Here’s the short version: Vimeo heard about Adobe’s big security breach from last year and took proactive steps to protect their own users. They went through the big list of emails compromised by Adobe. They found my email on that list. They thought: “Hey, we have a user with that same email. It’s possible he used the same password for Adobe that he uses with us. We better reset his password here just to ensure his safety.”

Wow.

Most IT folks saw the Adobe fiasco last year and thought: “Oh, there’s been another security breach—who cares.” Who cares? Your users care, and you should to!

So today, I ask you to take two actions.

First, follow Vimeo’s lead. Search through Adobe’s list of compromised emails. See if any of your users’ addresses are on the list. If you find any, proactively change their passwords for them. At the least, touch base with them on the possibility of their login data having been compromised. (Individually—don’t just send out a company-wide memo!)

Second, ask yourself: “Am I always providing this level of service and protection to my users? Do I proactively secure my users, or do I just give some general advice and hope they take care of their own security needs?” If you answered “no” to these questions, ask yourself “Why not?”

A big hat’s-off to Vimeo. Consider them your new benchmark for IT security.