This isn’t a fun subject to talk about—however almost every day I receive messages from my friends sharing their woes. You know the ones–where they are in a backwoods, third world country and need cash quickly to help them with the horrible authorities after losing their wallets. I’m not sure where those originate, and so far I’ve been lucky (knock on wood) that no one has accessed my accounts yet; however, this is just a quick reminder that you can minimize the risk…Here’s a few tips that will help.
Have you been hacked yet?
Just about every day, we read in the news that another company has been hacked. You might have already been directly affected by the password thefts at LinkedIn last year or Evernote this year. Or you might have had your own social media account, email, website, network, or computer hacked. Worse, many of you have been hacked but don’t even know it. “Knock on wood—let’s assume that you’re still safe!”
So how can you minimize the damage and risk of hackers? Here are several tips, some familiar, some not so familiar. As you go through the list, check off the ones you’re already doing and make a list of new ideas to implement to protect your business and personal assets.
Signing Your Life Away
Your signature might look great in a graphic in your email signature line, your website, or your newsletter, but it’s a huge risk. You’re giving away your handwriting, and forgers can easily replicate, master your handwriting, and impersonate you. To reduce identity theft, don’t publish your real signature anywhere.
Money, Honey
Implement strong passwords on all of your financial accounts: banks, credit unions, PayPal, credit cards, and your accounting system. We know it’s painful, but do not use the same password for your financial accounts anywhere else, especially social media! If possible, use a different password for each account to reduce risk further.
What’s Your Password?
Do not use your name, your pet’s names or your kid’s names in your passwords. There’s just too much information available publicly to do that safely anymore. Here are some quick password tips:
- Mix up letters, numbers, capital letters, and special characters, if they are allowed.
- The longer, the more secure; most apps require at least 8 digits.
- Change passwords quarterly to be on the safe side.
Password Storage
Most apps that help you save time with passwords are NOT safe! Here’s what we do and don’t recommend:
DO:
- Password-protect your computer, even though you don’t have to.
- Keep a separate file of your passwords on your computer, but DO password-protect that file and make sure it is not shared with anyone on a network. Also name the file something totally unrelated like bio, letter, or goulash recipe; do not name it “passwords.doc!”
- You can also keep a record of your passwords offline, but be sure to lock it up in a safe.
- When you make file and disk backups, be sure those are locked up and password-protected too. They will no longer have your PC password to protect them.
DON’T:
Don’t give in to your browser or any website when it asks to remember your user ID and password, especially for your financial accounts or client information. All of the major browsers have been hacked – Internet Explorer, Chrome, Firefox, and even Safari.
- If you use password management applications, proceed with caution. Be sure you have properly vetted their security claims. Most of these are simply form fillers that are not safe.
- My IT company, Sierra Web Solutions, recommends Last Pass. I’ve adopted it and like it—you might try it, as well. It helps me to “remember” passwords safely and securely.
Vulnerable Applications
Avoid leaving vulnerable PC ports open and unattended, including chat, messaging, FTP (file transfer protocol), Skype, webinars, Google hangouts, video sharing, and the like. It’s like having all the doors and windows unlocked in your house; an intruder has a lot of choices for easy entry. When you are on these more vulnerable connections, shut the others down, and close the applications you don’t need. Then log off when you are done.
A Plug for Software
As soon as a hacker has found a new exploit, the software companies will learn about it and make an update available within days. The hacker community is tight; other hackers will look for software that is not updated and exploit the hack. Avoid the copycat hackers by staying on top of your software updates, not just your anti-virus, but also your Microsoft and other software updates. Doing this will eliminate a great deal of the risk out there.
New Users
If multiple team members need to access your software, consider setting up additional users rather than having one account. If one person gets hacked, the others will likely still have access and can react quicker to the intrusion.
How many of these are you already doing? Give yourself a reward, and then get busy implementing the rest so you can stay safe.