With every amazing, super-convenient thing that’s created online…
…like Amazon… Spotify… Netflix…
…there are at least a hundred other things that seem hell-bent on frustrating us.
Like phishing scams, viruses, ransomware, hackers, cat memes and so on.
As our lives are ever more digitised (email, banking, social media), it’s more important than ever to take precautions.
This is vital not just for your business accounts, but your personal ones as well.
Why I wish I’d followed my own advice (and saved a very embarrassing situation)
Recently I logged into Skype to find out that I’d been hacked…
I hadn’t changed my password in a long time and it had been swiped from another site which had suffered a security breach.
To my horror, a robot had logged in and then pinged a message to every single member of my Skype contact list.
The ‘hacked me’ immediately informed one of my freelancers that she can:
“Have better looking legs in two weeks”.
It then pinged one of my closest friends – someone who, only the previous week, had told me that he was worried about his weight. The message said:
“I just wanted to let you know how simple it is to get slim”.
And it also informed a doctor in psychology (from a very prestigious university) that:
“Looking good is about feeling good”.
That one was my favourite because I think she can actually use that. That was a case of spam me being helpful.
Anyway, the whole debacle took a few hours to sort out. Lots of apologies and emails and password changes…
The reality is, protecting yourself is a lot easier these days.
Go through this quick checklist and make sure you’re covered.
1. Set up admin passwords on all of your devices and then set them to auto-lock where possible
Companies like Apple and Samsung have made it convenient to log in to your phone by detecting your thumbprint.
If your phone provider offers that facility, use it. Make sure you also have a backup passcode number for emergencies.
We keep a lot of sensitive data on our phones (like banking apps) so it’s wise to have your phone set to auto-lock when you’re not using it.
That way if your phone is stolen the most the thief can do is get your phone, not what’s in it. They will have to reformat it (wipe it) to use it or sell it on. At least your data, your passwords and logins are kept from prying eyes, and you don’t have to spend the next 3 days on the phone and your computer resetting everything.
Some phones don’t offer thumbprint detectors yet: in this case make sure you set up a numerical passcode or phrase that kicks in when you’re not using the device.
The same goes for your computers and laptops, even your work ones. Set up an admin password that locks access when the computer has been idle for a fixed period (for example 5 minutes). That way, if it’s stolen, your data will be much harder to access.
2. Set up two-factor verification
Look, I know this feels like a pain in the backside. It used to be that you could just tap a password in (the same one you used to get into your email, your calendar and your favourite shopping site) and you’d be logged in, no bother.
But these days a lot of platforms ask if you want to use two-factor verification. This is where you are asked to enter an additional code – usually one that’s sent or accessed via your phone – to log in.
Companies that offer this normally display the option under ‘passwords’, ‘privacy’ or ‘settings’.
Yes it’s a pain; yes it’s another hurdle; BUT once you get used to it it’s actually not that much of a hassle. The key thing is, it keeps your information about as secure as it can possibly be. So in my book it’s 100% worth it.
In most cases you’re only asked to enter this second code if you’re logging in from a different machine or device (or from a different location), so unless you’re constantly logging in from different machines, it shouldn’t even affect you too much.
3. Run links you don’t recognise through this tool
If you don’t recognise a link you’re sent over email or social media, DON’T CLICK IT. Don’t open the email, or if you have done already, just trash it or mark as spam.
However, if you’re not sure whether the link you’ve been sent is spam and it seems to have been sent from a credible resource (but you’re still a tad nervous), run the URL through this handy tool:
First click the URL tab in the above link.
Now copy (don’t click!) the suspicious link and paste it into the space provided. Click ‘Scan It’ and it’ll run it through different scanners for you.
The results should help you determine if the link contains something dodgy or not.
4. Change your passwords regularly
It sounds obvious, but this is where I fell foul on Skype.
If you’ve got passwords which are a few years old, or have been using a shared computer, or if you use the same password on more than one site, make sure you go in and change them from time to time. If you’re worried about forgetting about all these different passwords, the next step should help.
5. Use a password app to create complex passwords and access them easily
There are two great tools for this:
Dashlane: https://www.dashlane.com
1Password: https://1password.com/
My personal favourite is 1Password.
Yes, you have to pay for it, but if you work with a lot of freelancers, like I do, it’s hard to beat.
You can create complex passwords for all your different websites and applications and then access them with a click or via a quick search on your computer, laptop or phone. It even autofills them so that you don’t have to enter them each time. To access it you only need to remember ONE master password.
The best feature is that it lets you create separate vaults for other users (e.g. freelancers), so that you can let them have access to only the sites or applications you want them to, without giving them access to anything else. You can then revoke access at any time with just a few clicks.
Right, that’s it!
I hope this helps.
Let us know if you enjoyed this article or if you have any good security tips in the comments section below.