Just about every day, we read in the news that another company has been hacked. You might have already been directly affected by the password thefts at LinkedIn last year or Evernote this year. Or you might have had your own social media account, email, website, network, or computer hacked. Worse, many of you have been hacked but don’t even know it.
So how can you minimize the damage and risk of hackers? Here are several tips, some familiar, some not so familiar. As you go through the list, check off the ones you’re already doing and make a list of new ideas to implement to protect your business and personal assets.
Signing Your Life Away
Your signature might look great in a graphic in your email signature line, your website, or your newsletter, but it’s a huge risk. You’re giving away your handwriting, and forgers can easily replicate and master your handwriting and impersonate you. To reduce identity theft, don’t publish your real signature anywhere.
Money, Honey
Implement strong passwords on all of your financial accounts: banks, credit unions, PayPal, credit cards, and your accounting system. We know it’s painful, but do not use the same password for your financial accounts anywhere else, especially social media! If possible, use a different password for each account to reduce risk further.
What’s Your Password?
Here are some quick password tips:
· Do not use your name, your pets’ names, or your kids’ names in your passwords. There’s just too much information available publicly to do that safely anymore.
· Mix up letters, numbers, capital letters, and special characters, if they are allowed.
· The longer, the more secure; most apps require at least 8 characters.
· Change passwords quarterly to be on the safe side.
Password Storage
Most apps that help you save time with passwords are NOT safe! Here’s what we do and don’t recommend:
DO:
· Password-protect your computer, even though you don’t have to.
· Keep a separate file of your passwords on your computer, but DO password-protect that file and make sure it is not shared with anyone on a network. Also name the file something totally unrelated like bio, letter, or goulash recipe; do not name it “passwords.doc!”
· You can also keep a record of your passwords offline, but be sure to lock it up in a safe.
· When you make file and disk backups, be sure those are locked up and password-protected too. They will no longer have your PC password to protect them.
DON’T:
· Don’t give in to your browser or any website when it asks to remember your user ID and password, especially for your financial accounts or client information. All of the major browsers have been hacked – Internet Explorer, Chrome, Firefox, and even Safari.
If you use password management applications, proceed with caution. Be sure you have properly vetted their security claims. Most of these are simply form fillers that are not safe.
Vulnerable Applications
Avoid leaving vulnerable PC ports open and unattended, including chat, messaging, FTP (file transfer protocol), Skype, webinars, Google Hangouts, video sharing, and the like. It’s like having all the doors and windows unlocked in your house; an intruder has a lot of choices for easy entry. When you are on these more vulnerable connections, shut the others down, and close the applications you don’t need. Then log off when you are done.
A Plug for Software
As soon as a hacker has found a new exploit, the software companies will learn about it and make an update available within days. The hacker community is tight; other hackers will look for software that is not updated and exploit the hack. Avoid the copycat hackers by staying on top of your software updates, not just your anti-virus, but also your Microsoft and other software updates. Doing this will eliminate a great deal of the risk out there.
New Users
If multiple team members need to access your software, consider setting up additional users rather than having one account. If one person gets hacked, the others will likely still have access and can react more quickly to the intrusion.
Stay Safe Out There