Prevent Hack Attacks: 5 Things to Do Today
Want to know how bad things can get if you're targeted by hackers? The mother of all stories comes from Wired writer Mat Honan, who watched as hackers took apart all his digital accounts in a matter of hours and even managed to remotely wipe his MacBook, iPhone, and iPad. He lost at least a year's worth of photos, emails, and documents.
I won't go through the litany of details, but Honan's account is worth reading to see how bad things can get. The fundamental problem is that no matter how many technical protections are put into place, humans still operate and control them. And humans are flawed and fallible, so loopholes always will exist--like tricking customer support people into giving out sensitive information. Even when companies such as Amazon and Apple know about the problems, there is no guarantee that they will do anything about them. For example, learning the last four digits in someone's credit card account number, which many companies use as a way to verify identity, is ludicrously easy.
Ultimately, you must protect yourself, because you can't guarantee how well others will. Here are five ways to help keep yourself out of trouble:
1. Be smart with passwords.
I've mentioned this before. Smart passwords won't necessarily keep someone from tricking phone-line personnel into spilling something critical, but they can greatly limit the easy damage. Using unique passwords on every site and a password vault to keep them protected makes those who would break in have to work for it. And, often, the necessary effort is the difference between breaking in and finding easier pickings.
2. Restrict credit card information.
Everyone seems to want to keep your credit card information close--all the better to get you to spend money, after all. But, as Honan's story shows, credit card numbers can cause grief. Using a different credit card per account would be great, except no one has that many available. So say no when sites want to store your card number. (A good password vault can help automate entering it when necessary with far less danger.) And if a site insists on storing the number, then delete it after every order.
3. Back up your data locally.
Having your data in the cloud is absolutely convenient. But if someone can get to it there, you are in big trouble unless you have your own copy. Make sure you do, with an additional backup in case you face a problem with a hard drive.
4. Buy a shredder.
No financial statements should go unaltered into the trash. If you're not at home, pocket the receipt until you get home. Then you can file or, even better, scan it for in-house storage and then shred the original.
5. Up the security factor.
If a vendor provides two-step verification, where you have to provide more than just a password for access, like banks do, take it. For example, Google offers two-step verification that involves getting or generating a special access code and then providing it when asked.
Yes, all these steps can be a pain. But it's far less painful than watching a hacker wreck your online life.
ERIK SHERMAN | Columnist
Erik Sherman's work has appeared in such publications as The Wall Street Journal, The New York Times Magazine, and Fortune. He also blogs for CBS MoneyWatch.