Security Incident - Now What?

We’ve all experienced that dreaded email. You know, then one from a tool you’re using that says something a long the lines of:

‘Unfortunately, we’ve become aware of a security incident.’

Ugh! I know.

In reality, it’s going to happen and it’s not ‘if’ but ‘when’ it does, you should be prepared to take action.

I received one from Canva recently and figured now would be a good time for an important reminder.

Don’t click on links in the email.

Sounds counter intuitive when the email says ‘We recommend you change your password’ with a direct link to take action. Especially when it’s a trusted tool and you’ve clicked their links before.

Here’s why I say don’t click on links:

It’s entirely possible that the email is legit and you should reset your password.

It is also entirely possible it’s a phishing scam.

When you receive emails like this, the best thing for you to do is to visit your tool as you normally would. You can also type the URL directly in a new tab.

Any good tool, will force you to reset your password. Many don’t, but you’ll likely see a banner or something (at least I hope so) that reminds you to change your password.

In the case of Canva, they did not force me to change my password, but they did have a banner to remind me I needed to take action.

I’ve also heard folks say they use Google or Facebook, for example, to login to various tools.

That doesn’t mean you’re safe!

Change your Google or Facebook, or whatever you’re using to ensure your safety. Personally, I’d rather go through the hassle of updating passwords than dealing with a stolen identity or stolen funds.

If you’re using Canva and haven’t updated your password, go now and do it right away.