Your company’s profiles are not safe, and there are no exceptions to this rule.
This is not a scare tactic – it’s reality. Being a small business doesn’t protect you against hackers, and neither does being a large business.
Mat Honan’s Nightmare
To understand why no one is safe and how much damage can be done, we’ll examine Mat Honan’s scary story.
Honan, a tech writer and former Gizmodo staffer, had his life turned upside down in August when a group of hackers took over his Google account and deleted it, sent racist and homophobic tweets from his Twitter account, and gained access to his AppleID account only to wipe his iPhone, iPad, and MacBook clean.
“I asked [one of the hackers] why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, [the hacker] said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and [expletive deleted], and watch it burn. It wasn’t personal.”
In Mat Honan’s instance, all this hacking was just for fun. The hackers liked his three-character Twitter username, so they decided to get access to it.
If that’s the damage a couple of hackers could do for fun, imagine the harm an angry customer would cause (or a motivated, unethical competitor). Your company would be in serious trouble.
Since then, Mat Honan has been on a mission to learn more about online security. He recently penned an eye-opening feature, Kill the Password: Why a String of Characters Can’t Protect Us Anymore, that reveals much about the security of your online life.
If this summary of his experience doesn’t convince you of your susceptibilities, then his follow-up piece is sure to do so.
How To Safeguard Your Social Media Profiles
Since everyone – individuals, small businesses, large businesses – has a target on his or her back, here are some preventative steps you can take to minimize (not eliminate) your company’s vulnerabilities.
Don’t use the same password across your social media accounts. This makes it easy to gain access across the board. Once a hacker has your Twitter password, then they can easily log in to your other accounts and spread the damage across platforms.
Don’t use an email address with a company domain as the primary email. Set up a Google, Yahoo, or Hotmail account that is tied to all your social media accounts.
Why do this? When a hacker has targeted an account, accessing your email is sometimes part of the process. If you have a work email address tied to a Twitter account, the hacker will then focus his or her efforts on accessing that account. That can spell bad news for your company, especially if there is proprietary or confidential data in emails.
Use two-factor authentication when available. Google offers two-factor authentication to access your mail, which requires your password plus a code sent to your phone. Google’s Matt Cutts explains what it is and busts a few myths about it.
Here are some more tips from good-guy hacker Jeremiah Grossman and cryptographer Paul Kocher that appeared in The New York Times:
- Store your passwords securely. Note: your desk drawer is not secure.
- Avoid using words in the dictionary. Use phrases instead.
- Give unrelated or ridiculous answers to security questions. Ex. What is your favorite color? “My favorite saying.”
- Use different browsers: one for banking and checking email, another for blogs, forums, etc. That way, if your surfing browser gets infected, your bank info is not compromised.
Follow the link for more details and tips about devising passwords that drive hackers away.
“At some point, you will get hacked — it’s only a matter of time,” Grossman told NYT reporter Nicole Perlroth. “If that’s unacceptable to you, don’t put it online.”
© 2012 All Rights Reserved