After a hacking nightmare left him with a wiped hard drive, a deleted Gmail, and compromised Twitter and iCloud accounts, Wired reporter Mat Honan has been struggling to put his digital life back together. The attack taught Mat a hard lesson about the importance of data backup in today’s world.
What makes this attack particularly frightening is that the hackers didn’t get into Honan’s account by cracking his password. Rather, they used public information and light social engineering to get access to his accounts, exploiting gaps in the password security of both Apple and Amazon. As Honan tells it, “Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information.”
Since the story was published, Apple and Amazon have both made changes to their security procedures, particularly when it comes to getting access to accounts.
Although it’s easy to focus on the failures of Apple and Amazon in this situation, it’s also important to consider how this might affect every one of us, as consumers.
So, what can we learn from Mat Honan’s unfortunate experience?
Save Early, Save Often, and Back Up Your Data Whenever Possible
Failing to regularly back up your data to another location puts you in danger of losing not only work-related documents and emails, but also irreplaceable family photos and videos.
According to a recent survey by Seagate and Harris Interactive, only 10% of the 2,205 U.S. adults surveyed back up their files daily, and even fewer use a cloud backup service like Dropbox or Carbonite. What was the most prized digital asset of those surveyed? Almost three quarters of respondents said it was their digital photos and videos.
Data backup is one of the most important steps any computer owner can take. In the old days, backing up a computer was a time-consuming and often expensive process. That’s no longer the case. For over five years, Apple has included its own backup program, Time Machine, in its operating systems. There are a slew of great free options for Windows users as well. Furthermore, users can get a multi-terabyte external hard drive for under $150.
If you want added security against losing your files, beyond what local backups provide, consider cloud-based services such as Carbonite and Backblaze.
Data backups aren’t just important in the event you get hacked; they are also great insurance against theft or mechanical failure. You should try to back up your data at least once a month.
Use Two-Factor Verification
As much of our digital life extends across different services, sometimes ease of use and efficiency can come at the expense of security. Services like iCloud, Gmail, and Twitter now let us daisy-chain our accounts, but that convenience can come at a cost.
In Honan’s case, because he had linked his iCloud account to his Gmail account, the hackers were able to gain access to and delete his email after bypassing Apple’s tech support and gaining access to iCloud. This could have been prevented if he had used two-factor authentication for Gmail.
Two-step verification for Gmail, which adds an extra layer of security to your email but complicates the sign-in process, is similar to security measures taken by banks to protect their customers’ financial data. This Google video walks you through how to get started with two-step verification.
Don’t Use the Same Email Address for Everything and Change Your Password Regularly
Many people use the same email account or login for every major service. It is a convenient way to receive email and keep track of logins. However, that also makes the information available under that account far more valuable to hackers.
It is a best practice to use multiple email addresses for different services, or at the very least, not to tie everything to one account. If you must use the same email for all of your accounts, change the password on that account regularly. Additionally, don’t use the same password for all of your accounts. Since it’s a pain to remember different passwords for each service, use a password manager, such as LastPass or 1Password, to keep track of them for you. For more password best practices, check out this blog post.
Remember these tips to help protect your digital life from hackers!