In light of the recent Google Docs phishing scam, we wanted to talk about something slightly yawn-inducing but extremely important.
Internet security.
We all know it’s a serious threat.
A threat to:
- Your credit card and bank information
- Your passwords
- Your emails
- Important documents
- The functionality of your devices
When you work in an industry like ours where there is a lot of sensitive information involved, it’s no longer about what you want — it’s about protecting your clients.
And there are some simple mistakes we all make without a second thought that can put everything at risk.
Internet Security For Dummies
In internet security, the most secure computer is one that is sitting in a room behind a locked door. It’s not connected to the internet or any networks, and it just sits there.
Those computers will run for years and years, because there are no outside influences like spyware, malware, or viruses.
Aaron Parr, an internet security consultant, explains,
“The minute you start adding in outside influences — even something as simple as a flash drive into your USB port — there’s the chance that something will come in and slow your device down, steal your information, crash your computer, and so on.”
But what’s the use of having a computer that’s only good for playing a good round of minesweeper?
Parr tells us to think of internet security as a balancing act. We have to have access to information, which means we have to be connected to an outside source. But, the more we do that, the more holes we open up (for bad stuff to come through).
Here are some simple things you can do to make sure you’re safe, and more importantly, that your entire book of business is safe.
1. Don't connect to your client's wi-fi
When you visit a client’s house, whether new or existing, do not connect to their wi-fi network. Instead, use your phone as a hotspot, or buy a tablet that connects over the mobile network.
Why?
It’s not that your client is going to hack you — it’s that the network can be infiltrated by a third party. It’s not actually that hard to do, what with there being YouTube videos showing exactly how to do it.
In simple terms, traffic is intercepted between your device and your client’s wi-fi by making your device think the hacker’s machine is the access point to the internet. When it’s not.
Hackers will also broadcast a strong wi-fi signal with a name similar to the network you’re trying to connect to. For example, you might see a network that’s called “Holiday Inn,” and there’s another one called “Holiday Inn West Side.”
The West Side one has 5 bars, while the other only has 3. It’s easy to just click on the one with the stronger signal and not think twice. But, it could be a hacker in his creepy van that is now monitoring everything you do on your device.
Check out this example:
It’s really hard to discern which one is the valid network, isn’t it?
Lenny Bencie, a global security consultant, goes as far as saying, “Falling victim to public Wi-Fi’s dangers is a question of when, not if.”
The safe thing to do is to always use your own internet signal. Better safe than sorry.
2. Don’t send sensitive information via email
It’s really tempting to send important information by email, but here’s the sad truth:
1 in 4 email accounts get hacked.
It is of PRIME importance that you don’t send any of the following:
- Tax forms
- Travel itineraries
- Passwords
- Invoices
- Scanned IDs
- Insurance information (!)
It can be annoying, but your customers will enjoy seeing you in person, and they’ll appreciate the extra steps you take to ensure their security. You can also go old school and send important documents via direct mail.
Our emails are also connected to everything. Think about it. Your email is probably interconnected to many of the following:
- Your bank account
- YouTube
- Google Drive
- iCloud
- DropBox
- Amazon
- PayPal
- Netflix
- Uber
- Sales Rabbit
- Agency Bloc
- Online retailers
- And the list goes on!
When your email gets hacked, it’s not just about the sensitive information that’s in your inbox. It’s about everything else that it’s connected to. And if your email is connected to an app or account that houses your client’s information, you’re putting your entire book of business at risk.
In fact, if a hacker gets into your email, they can easily open up a bank account in your name, take out a loan, and ruin your credit rating in a matter of days.
That’s why the next step is extremely important.
3. Create secure passwords
I’m guilty of it. Creating passwords that are simply easy to remember, and using the same password for multiple accounts. However, we live in a world now where you don’t actually have to remember your passwords.
Password managers can create really complex passwords that make it very hard for people to hack into your accounts.
There are a lot of options, and here are a few:
It makes it easy to choose different passwords for everything, and the apps remember the information for you.
Parr explains, “At the very least, you want to have different usernames and passwords for everything. That way, when (not if) a hacker gets into one of your accounts, they won’t get into everything.”
It’s very easy for a hacker to throw every word in the dictionary at a system. It’s also easy to fire off every word in the dictionary and every one or two digit number after that word. So, if your password is “dogs24,” there’s a really good chance that a hacker will get into your account with no trouble at all.
If a hacker does what’s called brute force cracking, the hack will start with the letter “a.” Then, it’ll go through the alphabet. Then, it’ll start over and go “aa,” “ab,” and so on. Then, it’ll start over and add a third letter: “aaa,” “aab,” and so on.
So, after it runs all of the lowercase letters out to maybe 27 characters, then it has to go to capital letters.
Now, if you add a number into your password, it has to go back through lowercase letters, uppercase letters, and numbers.
Then, if you add a special character, the hack has to go through lowercase letters, uppercase letters, numbers, and special characters. You can imagine that the number of possible combinations is an extremely large number.
Every time your password gets longer, and every time you add another variable into it, the hacker has to do that many more combinations.
However, it’s more important to have a longer password than it is to have a complex password.
Check out this chart:
Now, this is from 2014, so hacking might be faster than it was before, but you can see how drastic of a difference it is to make your password just one character longer. When you move from 13 to 14 letters, you make your password secure against a hack for at least a century. Now that’s really something.
Parr explains that patterns can make it easy to remember a really long password, and a hacker can’t detect patterns. All a hacker knows is if they’re right or wrong.
Here’s an example of a great password that uses patterns to help us remember: @@@%%%111Aa@@@%%%111Aa
To calculate how secure your password is, the size of the character set is raised to the power of the password length.
So, for example, if you’re just using lowercase, uppercase, and numbers 0-9, that would be 62 raised to the power of the length of the password.
So, the longer the password is, the better off you are. Longer will always trump complexity.
When you do both together? You’re basically impenetrable.
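The formula above and the earlier dictionary-plus-digits attack can be compared in a few lines of Python. This is an added example, not part of the original article; the sample wordlist, the 200,000-word dictionary size, and the 32-symbol count for special characters are assumptions made for illustration.

```python
import math
import re
import string

# Character classes that make up the "character set" (ASCII only).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]  # 26, 26, 10, 32 characters

# Constructed sample wordlist; a real dictionary has far more entries.
SAMPLE_WORDS = {"dog", "dogs", "cat", "house", "summer", "password"}
ASSUMED_DICTIONARY_SIZE = 200_000  # assumption: rough size of a wordlist


def charset_size(password):
    """Total size of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))


def brute_force_keyspace(password):
    """Character set size raised to the power of the password length."""
    return charset_size(password) ** len(password)


def dictionary_keyspace(password, words=SAMPLE_WORDS,
                        dictionary_size=ASSUMED_DICTIONARY_SIZE):
    """Guesses needed if the password is <word> + 0-2 digits, else None."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{0,2})", password)
    if not m or m.group(1).lower() not in words:
        return None
    # Each word is tried bare (1), with one digit (10), with two digits (100).
    return dictionary_size * (1 + 10 + 100)


def effective_bits(password):
    """log2 of the smaller search space: brute force or dictionary."""
    spaces = [brute_force_keyspace(password)]
    by_dictionary = dictionary_keyspace(password)
    if by_dictionary is not None:
        spaces.append(by_dictionary)
    return math.log2(min(spaces))


if __name__ == "__main__":
    for pw in ["dogs24", "@@@%%%111Aa@@@%%%111Aa", "a" * 13, "a" * 14]:
        print(f"{pw!r:26} charset={charset_size(pw):2} "
              f"effective={effective_bits(pw):6.1f} bits")
```

For “dogs24” the formula gives 36 to the power of 6, about 2.2 billion combinations, but the dictionary approach needs only about 22 million guesses under these assumptions, which is why a word plus two digits is weaker than its length suggests.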
4. Question everything
Phishing and hacking attempts are starting to look scarily legitimate.
Gone are the days when you get an email from Raj asking you to give him your bank account number so he could put $10 million in there.
Now, we get texts like this:
Or emails like this:
The recent Google phishing scam was creepily real-looking, too. If you didn’t notice the strange email address it was coming from, everything else looked totally normal.
If you get a text or email asking you to verify information or click a link, be very suspicious and avoid it at all costs.
An easy way to verify their credibility is to look at the phone number that’s contacting you or the email address that it’s coming from. If it’s a bunch of random letters or numbers, ignore it.
In any case, be wary of these emails and assume the worst.
There are a lot of other things you can do to prevent getting hacked, but these 4 steps should keep you covered.
If you have any additional advice or insights, leave them in the comments below!