Have You Been Hacked? How to Minimize Your Risk
Just about every day, we read in the news that another company has been hacked. You might have already been directly affected by the password thefts at LinkedIn last year or Evernote this year. Or you might have had your own social media account, email, website, network, or computer hacked. Worse, many of you have been hacked but don’t even know it.
So how can you minimize the damage and risk of hackers? Here are several tips, some familiar, some not so familiar. As you go through the list, check off the ones you’re already doing and make a list of new ideas to implement to protect your business and personal assets.
Signing Your Life Away
Your signature might look great in a graphic in your email signature line, your website, or your newsletter, but it’s a huge risk. You’re giving away your handwriting, and forgers can easily replicate, master your handwriting, and impersonate you. To reduce identity theft, don’t publish your real signature anywhere.
Implement strong passwords on all of your financial accounts: banks, credit unions, PayPal, credit cards, and your accounting system. We know it’s painful, but do not use the same password for your financial accounts anywhere else, especially social media! If possible, use a different password for each account to reduce risk further.
What’s Your Password?
Here are some quick password tips:
• Do not use your name, your pet’s names or your kid’s names in your passwords. There’s just too much information available publicly to do that safely anymore.
• Mix up letters, numbers, capital letters, and special characters, if they are allowed.
• The longer, the more secure; most apps require at least 8 digits.
• Change passwords quarterly to be on the safe side.
Most apps that help you save time with passwords are NOT safe! Here’s what we do and don’t recommend:
- Password-protect your computer, even though you don’t have to.
- Keep a separate file of your passwords on your computer, but DO password-protect that file and make sure it is not shared with anyone on a network. Also name the file something totally unrelated like bio, letter, or goulash recipe; do not name it “passwords.doc!”
- You can also keep a record of your passwords offline, but be sure to lock it up in a safe.
- When you make file and disk backups, be sure those are locked up and password-protected too. They will no longer have your PC password to protect them.
- Don’t give in to your browser or any website when it asks to remember your user ID and password, especially for your financial accounts or client information. All of the major browsers have been hacked – Internet Explorer, Chrome, Firefox, and even Safari.
If you use password management applications, proceed with caution. Be sure you have properly vetted their security claims. Most of these are simply form fillers that are not safe.
Avoid leaving vulnerable PC ports open and unattended, including chat, messaging, FTP (file transfer protocol), Skype, webinars, Google hangouts, video sharing, and the like. It’s like having all the doors and windows unlocked in your house; an intruder has a lot of choices for easy entry. When you are on these more vulnerable connections, shut the others down, and close the applications you don’t need. Then logoff when you are done.
A Plug for Software
As soon as a hacker has found a new exploit, the software companies will learn about it and make an update available within days. The hacker community is tight; other hackers will look for software that is not updated and exploit the hack. Avoid the copycat hackers by staying on top of your software updates, not just your anti-virus, but also your Microsoft and other software updates. Doing this will eliminate a great deal of the risk out there.
If multiple team members need to access your software, consider setting up additional users rather than having one account. If one person gets hacked, the others will likely still have access and can react quicker to the intrusion.
Stay Safe Out There
How many of these are you already doing? Give yourself a reward, and then get busy implementing the rest so you can stay safe.