If you are doing business online, even if it is a modest supplementary income, you have to be on guard when it comes to your security. Tech-savvy predators who use social engineering to attack a victim seldom have trouble securing access to private online accounts when they put their minds to it, as demonstrated to comedic effect by Jimmy Kimmel. Why would somebody want to hack into your blog or the website for your online business? There are any number of reasons. Oftentimes it is something as subtle as encoding ads onto your site, or perhaps swapping out your Google Adsense codes for their own so that they can syphon off your Adsense revenue. If you have client information, they may be after that, or worse yet, your PayPal or credit card information. Last year, a California man with a coveted Twitter account saw a failed attempt to hack into his PayPal account give one such predator enough information to successfully hack into his GoDaddy account, after which his websites were held hostage in exchange for his Twitter account. Something this extreme may not happen to you, as these hackers often wish to infiltrate your website unbeknownst to you so that they can syphon money from you over a long period of time without your noticing. However, given that this kind of crime is on the rise, it is important to maintain tight security to make sure you don’t become one of the growing number of victims. Here are a few easy ways to do that.
1: DON’T INCLUDE PERSONAL INFORMATION ON SOCIAL MEDIA
This may sound like a no-brainer, but it is surprisingly easy to get all the information one needs to hack into a GoDaddy or PayPal account by simply going over somebody’s Facebook page. They see your birthday, they notice who your mother is, and may even see her maiden name if she hyphenates it, as many people on Facebook do. Once they go through your pictures, get the name of a pet, see some of your favourite authors or movies, and take note of where and when you graduated, they suddenly have more than what they need. A birthday is oftentimes enough, and a mother’s maiden name or graduating year can seal the deal. So how do you avoid this? First, set your Facebook to private so people who aren’t friends can’t see your profile. Second, don’t add strangers. If you are a guy and a gorgeous woman you don’t know adds you, be suspicious. Don’t post your birthday, or better yet, post a birthday that isn’t your birthday; that way, when a hacker tries your information, they’ll have the wrong stuff. Also, don’t attach your familial relationships with parents or siblings, and ask your family to inbox you when they have a comment. As for information about your schooling, don’t post the name of your high school, and certainly don’t post your graduating year (though that is easy enough to guess if they have your birth year). Alternately, of course, you can post all this information on Facebook, but enter bogus information when signing up for an account. This can be tricky sometimes as they may need authentic information, but using these tactics can throw off social engineers and prevent them from even getting a foot in the door.
2: USE DIFFERENT E-MAILS FOR DIFFERENT PURPOSES
It may sound silly, but even something as simple as an e-mail address can get you. If you are signing up for webhosting, a domain name, or an online payment service, use a different e-mail than you use for social media or on your website. If, for instance, you use email@example.com for your social media accounts, and firstname.lastname@example.org for your contact information on your website, create a third e-mail when signing up for online services. This has two benefits, the first being that if hackers try your business or personal e-mail to get into an account with a webhosting provider, they will be out of luck. The second is strictly pragmatic, as it will reduce the number of unrelated e-mails you get in your business and personal accounts. When making this third account, since nobody has to remember it, use a gibberish word and letters that don’t make sense. That will make it hard to track down the e-mail through guesswork. I can promise you, any combination of surnames and given names already has e-mail accounts with every provider and has signed up for PayPal, so it is easy enough to plug one in and hit the jackpot. Also, avoid linking your secondary e-mail address up with other services, like Google; that way, people who hack one e-mail address won’t have easy access to other ones.
3: CHANGE PASSWORDS FREQUENTLY
I have told so many people I coach this, and they all agree with me, but many of them don’t practice it. I know because when they need help with a website, or setting up domains, they forward me their login information and I see that it is the same login information that they’ve been using for months. You might think that it is hard to remember these passwords, but all you need to do is get a password manager. If you are unsure about which password manager to use, Lifehacker has a list of some of the best ones available. KeePass, 1Password, and LastPass are all great, and RoboForm is one of the most popular. Check out the prices and see which one suits you best. They will allow you to change and save passwords so that you don’t have to remember them.
4: DELETE INFORMATION AND UPDATE CONSTANTLY
If you are doing business with folks and you are given any information, make sure to delete it as soon as you are done with it. You do not want to get hacked and find out that other people’s information was stolen through your site. It will be a major hit on your credibility and damage your brand. I don’t keep any information longer than I have to. I also make sure to update my information on a regular basis. For instance, I re-enter my Google Ad codes every two weeks so that, if they were changed, the proper codes are back in place, and because I change my passwords on a regular basis, anybody who might have hacked in won’t be able to do it again. Thankfully I have never had an issue with this, but this is in large part due to the fact that I practice what I preach religiously.
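Between re-entries, a swapped ad code can also be caught by checking which AdSense publisher IDs a page actually references. The following is an added example, not code from the original article; the publisher IDs and the sample page are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

PUB_ID = re.compile(r"ca-pub-\d{16}")  # AdSense publisher ID format

class AdClientFinder(HTMLParser):
    """Collects every AdSense publisher ID referenced in a page."""
    def __init__(self):
        super().__init__()
        self.found = []            # list of (where, publisher_id)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "ins" and a.get("data-ad-client"):
            self.found.append(("ins data-ad-client", a["data-ad-client"]))
        if tag == "script":
            self._in_script = True
            src = a.get("src") or ""
            if "adsbygoogle.js" in src:   # loader script carries ?client=ca-pub-...
                for cid in parse_qs(urlparse(src).query).get("client", []):
                    self.found.append(("script src", cid))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:               # e.g. google_ad_client = "ca-pub-..."
            for cid in PUB_ID.findall(data):
                self.found.append(("inline script", cid))

def unexpected_ad_clients(html, expected_id):
    """Return every (location, id) whose publisher ID is not yours."""
    finder = AdClientFinder()
    finder.feed(html)
    return [(where, cid) for where, cid in finder.found if cid != expected_id]

# Constructed sample: the site owner's ID is the all-1s value; the all-2s ID was injected.
EXPECTED = "ca-pub-1111111111111111"
SAMPLE_PAGE = """
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1111111111111111"></script>
<ins class="adsbygoogle" data-ad-client="ca-pub-1111111111111111" data-ad-slot="1234567890"></ins>
<ins class="adsbygoogle" data-ad-client="ca-pub-2222222222222222" data-ad-slot="1234567890"></ins>
<script>google_ad_client = "ca-pub-2222222222222222";</script>
"""

if __name__ == "__main__":
    for where, cid in unexpected_ad_clients(SAMPLE_PAGE, EXPECTED):
        print(f"unexpected publisher ID {cid} in {where}")
```

Run it against the saved HTML of each template or page that carries ads; an empty result means every ad unit still pays out to the expected account.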
5: PAY ATTENTION TO THE URL
Whenever you get booted off any account and have to log back in, always be hyper-aware of the URL. There are any number of websites that easily mimic the formatting of popular sites like Facebook, Twitter, Hotmail and Google, and they often have very similar URLs with a subtle difference. When you log in, they direct you back to the page you were never actually logged out of, and they now have your login information. A lot of sites do this by asking you to log in through another service. This may be an attempt to secure your login information. Always be cautious of this as well, and never use the password you use for important personal accounts to sign up for services from other websites. The password manager is handy in this respect because it allows you to use a new password for every account you have without having to remember any.
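The "very similar URL with a subtle difference" can be checked mechanically before a password is typed. This is an added example, not part of the original article; the trusted list and the test URLs are assumptions chosen for illustration, and the registrable-domain logic is deliberately naive.

```python
from urllib.parse import urlsplit

# Assumption: the sites where you actually hold accounts; edit to suit.
TRUSTED = ("facebook.com", "twitter.com", "paypal.com", "godaddy.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url):
    """Classify a login page URL before any credentials are entered."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "reject: not HTTPS"
    labels = host.split(".")
    # Internationalised names can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalised (punycode) name"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "ok: " + good
    registrable = ".".join(labels[-2:])  # naive: ignores suffixes such as co.uk
    for good in TRUSTED:
        if good in host:
            return "suspicious: trusted name used as a subdomain of " + registrable
        if edit_distance(registrable, good) <= 2:
            return "suspicious: resembles " + good
    return "unknown host"

if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin",           # constructed test URLs
              "https://paypa1.com/signin",
              "https://facebook.com.login-check.example/",
              "http://www.paypal.com/signin"):
        print(u, "->", check_login_url(u))
```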
There are of course a number of things you should do other than these. Make sure the sites you visit have HTTPS, especially if you are giving out any information. In researching this article, I noticed several lists that mentioned this, and ironically, none of them actually had it (you will notice that my site does have it). Make sure your firewall and virus protection services are updated, and delete your cookies. These practices are helpful, but they won’t protect you from every form of security threat. Use your common sense, avoid giving out information, don’t post identification information on social networking sites, and be careful of any suspicious interactions you might come across. Most importantly, don’t have the attitude that identity theft and online hacks happen to other people or that you don’t have anything worth hacking. The people who do this kind of thing do it on a large scale, so they go for small individual profits on a large scale, not big individual gains. It is much easier to rob a million people of $10 than it is to rob one person of $5000. They are playing the long game; it is best that you do as well and keep yourself, and your brand, safe.
If you found this article useful and would like updates on future posts, be sure to follow me on Twitter @MikeBashi.