Most of us likely take online security and privacy too lightly. Think about the types of information in your digital footprint; bank account information, credit card account data, online access to your 401k, Facebook, Twitter the list goes on and on. Think for a minute the ramifications if someone with malicious intent was to gain access to this information... yeah scary.
How can that happen? Well it happens more than you may think. Mat Honan, a well known technology writer lived this nightmare. His email account was hacked which gave the hacker the digital keys to Mat's kingdom. The intruder went on to delete years of email from Gmail, deleted the account then accessed Mat's Twitter account and used it as a platform to broadcast some very offensive messages. Finally his AppleID account was broken into and through that account was able to remotely erase all the data from Mat's iPhone, iPad and MacBook.
One problem is our digital assets are frequently daisy chained together, compromising one can lead to information that unlocks another. For example... let's say someone compromises your personal email. Chances are you have some type of email history related to a bank account or a credit card account. With that information they can contact your financial institution and try to gain access to your accounts. When prompted for hacker busting questions like "what is your mothers maiden name" they simply look at your Facebook page and in some cases find that type of information posted for the world to see. Last four digits of a credit card number? A credit card statement in your email would give them that. Another tactic would be to request a password reset on Facebook and guess what? The request is sent to the personal email address the hacker already has control over, see the pattern here?
There are a number of preventative measures you can easily perform that will provide significant protection, number one is two factor authentication aka 2FA. Two factor uses two separate components to verify identity such as a passcode and a pin number that can be sent to your registered cell phone number. Turn on two factor everywhere you can, Gmail, Facebook and Twitter all have two factor.
Here are some more examples of how you can protect your personal information:
- Of course routinely changing your passwords and making them complex almost goes without saying.
- Take the time to back up important information, preferably to a cloud location and to a physical hard drive.
- Establish an email address that you only use for password reset or recovery tasks.
- Regularly update Windows and other software as security flaws are patched in these updates.
- Run antivirus software and keep it updated.
- Do not access sensitive sites when using unsecured WiFi.
These are just a few of the prevention tasks you should perform. I highly suggest reading Mat's story as it could spare you a digital meltdown, after I initially read it several years ago I immeadiately turned on two factor authentication everywhere I could, I hope you do so as well.
Beringer Associates is always here to provide expert knowledge in topics like these. Please contact us with any questions you may have.