Attackers, Hackers, & Password Hijackers
This past weekend Mat Honan, tech guru and senior writer for Wired, fell victim to a devastating cyber attack that was surprisingly easy for the perpetrators to pull off. In about an hour, hackers hijacked his Google, Amazon, Twitter, and Apple accounts and completely wiped out everything saved on his computer. Without a backup, his family pictures were lost with no way to recover them.
How could all of this happen to a tech guru? As it turns out, all the teenaged hackers had at their disposal was some limited information about their target, Honan. That, coupled with security measures that most people take for granted, was enough to destroy his family's memories and tarnish his reputation. In Honan's own words, "Those security lapses are my fault, and I deeply, deeply regret them."
Honan has been using this as an opportunity to spread awareness of mistakes many of us make that put us at risk. With that in mind, we've compiled some quick things you can do to safeguard yourself from similar attacks.
If any of your online accounts offers 2-step verification, as Google does, the few minutes it takes to add this feature are a surefire investment. In short, the benefit of 2-step verification is that login is only allowed on computers which you yourself authorize. For a bit more detail on how 2-step verification works with a Google account, check out this video made by Google.
Not every online account offers 2-step verification, so we need another approach to protect ourselves, and oftentimes our only line of defense is a password. Maybe your password isn't as breakable as 12345, but someone with enough determination can use a computer program to hit you with a brute-force attack. Brute-force programs can run through millions of passwords per second and can correctly guess short or common passwords in minutes.
Fear not, though! Brute-force attacks are essentially worthless against carefully crafted passwords. Every good password should be at least 8 characters long (the longer the better) and contain all of the following:
- Lowercase letters
- Uppercase letters
- Special characters (!, $, &, etc.)
To make your password easy for you to remember, make up a story to go along with it. For example: WIw16yomD&I8s! (When I was 16 years old my Dad and I ate snails!) Such a password would be un-guessable, nearly unbreakable, and would be hard for you to forget. Microsoft has created a password strength checker if you want to make sure your password will survive a brute force attack.
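As an added example (not part of the original article), the Python sketch below checks a password against the rules listed above and estimates how long an exhaustive brute-force search would take. The guess rate of 10 million per second and the four-entry common-password list are assumptions made for illustration.

```python
import string

# Assumption: the article says "millions of passwords per second";
# 10 million guesses/s is picked here purely for illustration.
GUESSES_PER_SECOND = 10_000_000
# Constructed sample; a real check would use a large breached-password list.
COMMON_PASSWORDS = {"12345", "password", "qwerty", "letmein"}
# Character classes an attacker must cover, with their sizes.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,   # 26
    "uppercase letter": string.ascii_uppercase,   # 26
    "digit": string.digits,                       # 10
    "special character": string.punctuation,      # 32
}
REQUIRED = ("lowercase letter", "uppercase letter", "special character")


def check_policy(password):
    """Return the article's rules that the password fails (empty = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name in REQUIRED:
        if not any(c in CLASSES[name] for c in password):
            problems.append("no " + name)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    return problems


def alphabet_size(password):
    """Size of the character set a brute-force run must cover."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every string of this length over that alphabet.

    Upper bound only: dictionary attacks find common or patterned
    passwords far sooner than exhaustive search does.
    """
    return alphabet_size(password) ** len(password) / rate


if __name__ == "__main__":
    for pw in ("12345", "WIw16yomD&I8s!"):  # both taken from the article
        years = worst_case_seconds(pw) / (365 * 24 * 3600)
        print(pw, check_policy(pw) or "passes", f"~{years:.3g} years")
```
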
Computer & Data Backup
Whether you implement the above measures or not, having safe backups of your data will give you peace of mind as well as a light at the end of the tunnel should you be the victim of a cyber attack. You can manually back up your data using a flash drive (or an external hard drive if you have more to protect). If you want your data to be backed up automatically, or if you want to protect your company's data, more considerations are necessary. How much data do you need to back up? What level of security will you need for your data? What happens if there's a power surge or natural disaster which affects your physical backups?
If you have questions like these, or any other security concerns, Kemper Technology Consulting can help you choose and install a backup solution to fit your specific needs.
Kemper CPA Group LLP publications should not be construed as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general informational purposes only. You are urged to consult your own advisor on any specific legal questions concerning your situation.