Did you read this article back in 2012 from Wired magazine, about an otherwise tech-savvy writer who had his digital life destroyed quickly by a few security flaws at Apple and Amazon?
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Via http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/
This article was completely fascinating and it came to mind this morning when I received an email from Apple about someone signing into my account at 7:39 AM PST. It wasn’t me logging in, so I immediately reset my password and all was well.
Fortunately, some of these security flaws have since been fixed. For example, Apple users can no longer reset their Apple IDs over the phone. But frankly—these sorts of things happen even when you’re vigilant. Here’s how WE practice vigilance:
Five Tips to Prevent an Epic Hacking, Circa 2015
1. Don’t use the same password for every website. You can take one password and add to it to create a different password for each site. One trick is to use your goal for a password, replacing some letters with numbers. Then you’re reminded of it every time you log in. For example:
Go2N3wZ3aland2015! (Get it? Go to New Zealand in 2015.)
Then for your ING account your password could be INGGo2N3wZ3aland2015!
2. Don’t use the same email address for every account. If hackers were to gain access to the single email address linked to all your accounts, all those accounts become vulnerable.
3. Use 2-step verification wherever you can. Gmail offers it, as do many banking websites. When you log in to your account using a new computer or other device, a code is sent to you via text. You have to enter this code before you can access your account.
4. Back the heck up! For all but a few specialty applications, we recommend using a cloud backup service. Of course if you’re on a Mac, you have the option of Time Machine, but we like tools like Carbonite and Mozy better. (Here’s a great post about why you should do cloud backup even if you have Time Machine: https://www.backblaze.com/blog/backblaze-and-time-machine/) For about $50-60 per year, your backup is stored in the cloud. We also like backing up our photos from an Android device to Google (be SURE to use two-step verification if you’re backing up your photos to Google… remember that celebrity phone hacking situation from a few months ago? Better yet, don’t take questionable photos on your phone). You can also back up your photos to Flickr. Every Flickr user is allowed a full terabyte of space.
5. Think before using the “Find My Mac” feature on your desktop computer. With iCloud and iOS 5 or later you can locate, play a sound on, display a message on, and remotely lock or erase your iPhone, iPad, iPod touch, or Mac. While it certainly can happen, it’s not likely that your desktop Mac is going to be stolen and you’ll need to wipe its hard drive. Far more likely is that a malicious entity could access it remotely and wipe your hard drive… ouch.
If you have concerns about the security of your business, keep in mind that we have a long history in military intelligence and risk mitigation. We would be happy to help; just drop us a line.