There’s been a lot of press lately about people’s online info being leaked or hacked. Some blame the online service providers, such as Apple’s iCloud, or retail stores’ lackadaisical storage of credit card data. Let’s be honest with ourselves: that type of finger pointing or product bashing doesn’t serve anyone. While I realize that you are busy starring in movies or running a successful business, being aware of what needs to happen will help you do it or find someone to help you out. The only person who can protect your online interests is you. So here are some things you should already be doing or at the very least be preparing to do.
- Start using encrypted email. Nearly every email host on the planet offers some type of SSL encryption. Check your email settings, or hire an expert to check, and make sure that the SSL protection is ON. It also needs to be set to “on” for both incoming and outgoing email on all of your devices. SSL, or Secure Sockets Layer, encrypts your email as it leaves your device and delivers it to your mail service provider. That means that no one can intercept and read the contents of your email messages, coming or going, on that leg of the trip. This does not mean that it’s OK to send sensitive information, like passwords, credit card details or even a spreadsheet. However, if you do, then you can be sure that the data sent will be encrypted. Next you’ll need to make sure that the people you are communicating with are also encrypting their email.
- Use a password management application. I personally recommend 1Password from AgileBits. A good password management app will keep track of your passwords, integrate into your web browsers, help store security questions, and generate secure passwords that meet or exceed the required types that your provider suggests. It will also keep track of what passwords you have used on the various web sites. AgileBits is even making this functionality available to iOS 8 applications so that developers can utilize its functionality in their own apps. You can hear more about AgileBits in our latest podcast: MTJC Podcast Episode 5
- Create stronger passwords. This is the most important way to protect yourself online. You can no longer rely on your own methods for creating passwords. Again, it may seem annoying to create hardened passwords, but it is only a matter of time before some script out there cracks your password. If you use common words or phrases, you are only fueling the fire. The scripts that attempt to break your passwords will start with the basics: common words and phrases. No, there is not a little man or whiz kid trying to crack your password. It is a script running on a remote server. In fact, once your password is cracked it goes onto a list server to be exploited later. There are so many already compromised users and servers that the exploiters don’t need to attack you today. So change your passwords regularly. Best practices recommend using a combination of uppercase and lowercase letters and numbers as well as some punctuation or special characters (aka high ASCII). There are plenty of password checkers online, like https://howsecureismypassword.net. This site shows you how many seconds it would take to crack your password. A simple password with a common word and number would be cracked in seconds. More complex passwords would take hours. Ideally you want a password that would take years to crack.
- Change your passwords regularly. It may seem annoying, but rotating your passwords on a regular basis is always a good idea. I personally change critical passwords every 90 days or so. You can set up, or ask your providers and/or IT guys to set up, a password policy that prompts you to change your passwords. Once again, use a password management app (see above) to keep track of your passwords.
- Create different passwords for each site. In general I change up my passwords on every site. Initially I used a shorthand to distinguish each variation. Now I use 1Password to keep track of the passwords and even allow 1Password to suggest new passwords with its Password Generator feature. The simple point here is that if you use the same password in more than one place, then you open yourself up to a multisite exploit.
- Use secure online storage. If you must keep your data in the cloud, make sure you are using a secure service. It goes without saying that you should use secure passwords to access these. In a previous point we suggested using password management to keep track of your passwords. No more sticky notes or pieces of paper stuffed under your keyboard. Yes, I’m looking at you. Despite what you may have heard, services like Dropbox, Google Drive and iCloud do use state of the art encryption to protect you from yourself. They are using better than military grade encryption, Advanced Encryption Standard (AES) with 256-bit or 128-bit key length at least. In theory it would take trillions of years to decrypt your data without the correct key or password. It doesn’t help if your password is the name of your niece’s new puppy. The bottom line is, if the information is too important to lose, then do not store it online. There are tools out there that anyone can buy to get at your online data. I personally recommend that you sync or back your devices up to a computer at home, not online. (Sorry, iCloud!)
- Enable 2-step verification for all of your online services. As mentioned in our podcast, MTJC Podcast Episode 5, 2-step verification uses a secondary device to authenticate you when you set up your account. If someone attempts to compromise your data, they won’t get far without the secondary confirmation. Often the online service will ask for your cell phone number and send you a text message with an additional code to verify your account. So, along with your password, you alone will need to supply the second code to access your stuff. That would keep the bad guys out. You can read about 2-step authentication with Google here: Google 2-step authentication and with Apple’s iCloud here: How to step up Two Factor Authentication on iCloud
- Modify your online privacy settings. Go into Facebook, Twitter, LinkedIn and whatever online social network tools you use and check your “privacy settings”. While it’s tempting to be popular by making yourself as public as you can, you must by now be aware that there are many people out there who are looking to exploit you. Maybe they are after your credit card or banking information. Maybe they are after your private photos. Maybe they are simply out to drive traffic to their web site and get more money from advertisers. When I was a kid, the boogeyman hid behind doors and under my bed. Now the boogeyman is a well-respected businessman running web services in Eastern Europe, China and South Asia. You need to visit your privacy settings and make sure your postings go to people you know and trust. While you’re at it, take a look at the applications that you’ve allowed to access your online data. Delete or disable the connected apps that you don’t need.
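
To see why the “Create stronger passwords” item says a common word plus a number falls in seconds while a long random password takes years, here is a small estimator. It is an added example, not part of the original post; the word list and the guessing rate are made-up assumptions, so treat the output as a rough comparison only.

```python
import string

# Assumptions for illustration: a tiny stand-in word list and a hypothetical
# guessing rate. Real cracking lists are far larger and speeds vary widely.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "puppy", "qwerty"}
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Size of the alphabet a brute-force script must cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (spaces, accents) count individually.
    return size + len({c for c in password if not any(c in cls for cls in CLASSES)})

def guesses_needed(password):
    """Dictionary attempts first (word + digits), otherwise brute force."""
    core = password.lower().rstrip(string.digits)
    if core in COMMON_WORDS:
        suffix_len = len(password) - len(password.rstrip(string.digits))
        # Every listed word with every digit suffix up to this length.
        return len(COMMON_WORDS) * sum(10 ** k for k in range(suffix_len + 1))
    return charset_size(password) ** len(password)

def crack_time(password):
    """Return (amount, unit) for a worst-case search at the assumed rate."""
    seconds = guesses_needed(password) / GUESSES_PER_SECOND
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return seconds / length, unit
    return seconds, "seconds"

if __name__ == "__main__":
    # Constructed sample passwords; never paste a real one into a checker.
    for sample in ("puppy2014", "sunshine", "k7#Qz!vT9p$Lw2@x"):
        amount, unit = crack_time(sample)
        print(f"{sample!r}: about {amount:.3g} {unit}")
```

The 16-character sample is the kind of password a password manager’s generator produces, which is why the two recommendations work together.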
Now that you know the items you need to check, you’ll be better prepared to start protecting yourself. If you haven’t already started using these methods, at least add them to your TO DO list. As the sergeant on Hill Street Blues used to say, “Let’s be careful out there.”