* We all know that the Anthony Weiner “hack” was not a hack but just another politician pulling off the scandal du jour. But it’s worth tackling the issue of privacy and security anyway, because it’s huge. And everywhere. And never in a good way.
When the Anthony Weiner/I-never-sent-that-photo-and-don’t-even-know-if-it’s-me (huh?) story broke I immediately thought, “Wow, that’s a really awful violation of privacy! I feel bad for the guy.” It’s not that I trust politicians, it’s just that there are real security threats out there in major and minor forms (think: Sony. Every celebrity’s sex tape. Citibank. Epsilon aka everyone else.)
A determined criminal will find ways into bank accounts and credit card data but they’re probably not interested in hacking into your local ice cream store website and deleting all the strawberry flavors. That kind of thing happens because a ten-year-old in Uzbekistan is bored and looking for a good giggle. And you’re making it easy on the kid, because you’re not protecting your own data.
While there’s no way to escape stupidity (think: Weiner), there are ways to prevent your website, email, Facebook page, Twitter profile and other online accounts from being breached.
So in the spirit of the hack that wasn’t a hack, here are some incredibly simple ways to make sure that you’re not chasing down a photo of your… um… private stuff one day.
Don’t Tattoo Your Password On Your Forehead
You’re not doing that, are you? Well, you might as well be! Here are a few examples of passwords that have an excellent chance of being hacked. If you’re using any of them, change them immediately.
Your birthday, anniversary, kid’s birthday or any other obvious date. How hard do you think it would be for a hacker, determined mischief-maker or bored kid to guess that the password for your Facebook account is 03121976 when you’ve got your March 12th 1976 birthday listed publicly right there on your profile?
The name of your pet, kid, spouse or any other obvious person. You know how in the movies when someone is trying to break into an email account and they’re about to give up when suddenly they notice a picture of their victim’s Beagle on the desk and try “ilovebarky” and Bingo! Instant access! Well I’ve got news for you. It’s not just in the movies.
Your address, phone number, license plate or any other obvious number. Hackers aren’t sitting there with super secret decoder rings and sophisticated code cracking software. They’re just thinking hm, I wonder if he used his street address? Too many times he did.
Any continuous string of numbers or letters. Random numbers and letters, great, but 123456? Bad bad bad!
Your email address. Most times your email address is your username. If you also make it your password, you’re just one copy/paste away from an intrusion.
The word “password”. Come on, seriously?
Don’t Tattoo Your Password On Your Forehead, Part 2
Here’s another easy way to have your accounts hacked and your identity stolen: keep your passwords written in a notebook, on a pad in your purse, on a sticky note next to your desk or in a text file anywhere, especially on your mobile phone.
Nobody else should be able to find your passwords, on purpose or accidentally. Maybe you’ve got a malicious coworker who wants to mess with you by using your email account to send nasty things to the boss. Or maybe you lose your cell phone and whoever picks it up now knows every password to every account you have.
If you can’t remember your passwords without turning them into a bad luggage combination, then use a good password storage program and store them securely. Best yet, don’t even try to remember your passwords.
Make them so strong that even you don’t know them. A random string of letters, numbers and special characters is pretty bored-kid-proof. Yes, you’ll need to remember the password for your password program, so memorize it and save yourself the agony of waking up one morning to find your entire business email account has been deleted.
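To make the checklist of bad passwords and the random-password advice concrete, here is a short Python sketch added as an illustration; it is not from the original article. The profile fields, function names and sample values are assumptions invented for the example.

```python
import re
import secrets
import string

def _norm(s):
    """Lowercase and keep only letters and digits, so '42 Elm Street' becomes '42elmstreet'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _has_run(s, n=4):
    """True if s contains n characters in a row stepping by +1 or -1 (1234, dcba)."""
    for step in (1, -1):
        run = 1
        for a, b in zip(s, s[1:]):
            run = run + 1 if ord(b) - ord(a) == step else 1
            if run >= n:
                return True
    return False

def _date_forms(y, m, d):
    """Common ways a date gets typed as a password: MMDDYYYY, DDMMYYYY, YYYYMMDD, MMDDYY."""
    return {f"{m:02}{d:02}{y}", f"{d:02}{m:02}{y}", f"{y}{m:02}{d:02}", f"{m:02}{d:02}{y % 100:02}"}

def weak_reasons(password, profile):
    """Return which of the weak-password patterns listed above the password matches."""
    pw, reasons = _norm(password), []
    if any(f in pw for date in profile.get("dates", []) for f in _date_forms(*date)):
        reasons.append("obvious date")
    if any(k and k in pw for k in map(_norm, profile.get("names", []))):
        reasons.append("obvious name")
    if any(k and k in pw for k in map(_norm, profile.get("numbers", []))):
        reasons.append("obvious number")
    if _has_run(pw):
        reasons.append("continuous string")
    email = profile.get("email", "").lower()
    if email and password.lower() in (email, email.split("@")[0]):
        reasons.append("email address")
    if "password" in pw:
        reasons.append('the word "password"')
    return reasons

def random_password(length=20):
    """Random letters, digits and special characters drawn from the OS secure random source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample profile: the kind of details visible on a public social page.
PROFILE = {"dates": [(1976, 3, 12)], "names": ["Barky"],
           "numbers": ["42 Elm Street"], "email": "pat@example.com"}
```

An empty list from `weak_reasons` only means the password avoids these specific patterns; the output of `random_password` is meant to live in a password storage program, not in your head.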
Keep Private Things Private
This is almost like trying to protect against stupidity, but it’s worth mentioning since you’re not stupid, just perhaps trusting or a bit naïve. If there are comments, photos or any other kind of private information that you want to stay private, don’t put them online. Anywhere. Ever.
You know the old cliché “Never put it in writing”? Well this is something like that.
You might feel safe enough posting your naked Bachelorette photos on Facebook where only you and your six co-conspirators can see them, but don’t be fooled by that false sense of privacy. What happens the day Facebook says oops, we messed up the privacy switch and everyone’s data becomes public for two hours? Or what happens if you accidentally mis-label or mis-upload? Stuff happens.
Have you ever dashed off an email to a friend complaining about your totally crappy boss/client only to accidentally hit “send” a fraction of a second before you realized it was going to the wrong person? Or maybe in anger you meant to forward your boss’s/client’s email to a friend with a big whiney story about how miserable they are but instead hit “reply all”?
These things happen, and it’s not malicious but it’s just as detrimental. Once you hit send, that email is gone. Clients have occasionally called us in a panic over an email that shouldn’t have gone out and asked us if we could get it back. The answer is: nope.
If you want something to be private then keep it out of texts, emails and off of social networking sites. You’d be safe to assume that anything you put online is public.
Don’t Trust Email
There are a couple of ways email can betray you and I’m not just talking about accidentally forwarding hate mail to a client. There are a few things you should be aware of when it comes to email security.
If you get unsolicited email from someone that you don’t know, don’t click on any links in the email. Even if it’s from someone you recognize – and this is especially true of emails from banks, credit card companies, big online vendors like Amazon.com, PayPal or some other service you may use – do not click!
Email scammers go to great lengths to make their emails look legitimate, so you may never be able to distinguish an email sent from your bank vs one that’s only meant to look like it comes from your bank. Most people trust the impersonated vendors enough to assume the email is ok and that’s when the bad stuff happens.
If you get an email from your (alleged) bank that requires action then go directly to your account in a browser, not via the link in the email. Any time you get an email that requires action (update your account, check your order status, respond to a survey, deal with an issue) simply go to the account or vendor website directly.
If there’s really something that requires your attention, you’ll know it without clicking on a potentially dangerous link.
But why shouldn’t you click? First, the link could be compromised. One wrong click and the next thing you know, every icon on your desktop disappears and is replaced with a penis (yes, I’ve seen this happen). Worse, you’ve just unleashed a virus that wrecks your hard drive.
Secondly, scammers often set up legitimate-looking websites that are meant to trick you into thinking you’re logging into your account when all you’re really doing is offering up your username and password. If you click on a compromised link, you may be directed to one of these sites and end up inadvertently handing your account information to criminals.
Never send passwords, credit card numbers or sensitive account information via email. Email is not secure. Compared to the amount of security surrounding things like bank accounts and retail websites, sending an email is a little like floating a paper airplane into the wind (with your password on it) and hoping it doesn’t end up in the wrong hands.
I’ve had clients shoot me an email with their credit card number to take care of an open invoice and it makes me cringe every time it happens. I always reply with a friendly admonition but it’s best to avoid the potential for theft and keep your sensitive information out of email.
And while you’re at it, take a lesson from the banks and big vendors directly: they will never ask for your password. If someone does, you know it’s a scam.
There’s always a danger that your private information and sensitive data will be compromised. Someone could hack into your Twitter account and start sending out destructive tweets, or weasel into your Facebook account and pilfer your personal information.
Someone may find a way to infect your computer, compromise your email or poach your credit card number. That’s not meant to scare you – it’s meant to make you stop and think about how you approach your online existence and identity. Most of the time, a hack or breach is the simple result of ignorance.
Weak passwords are often the number one culprit, so take care to strengthen yours today. And if you pay attention to your emails, accounts and how and where you publish private information, you can relax and know that you’re doing everything you can to protect yourself.
The big hacks will happen, but it’s the everyday little ones that are much more common, often more devastating and almost always preventable.
So be smart and there’s a much better chance you’ll be safe.
Have you ever had your privacy or account security breached? How did it happen and what are you doing now to protect yourself?