First, let me preface this by saying “behave accordingly” doesn’t mean “eschew the cloud.” Networked, connected computing can give us far too many benefits to abandon as a concept. However, as is often the case, new paradigms mean new risks and new ways of protecting yourself.
Now, read this terrifying article. The subject of the hack is a tech journalist who should have known better, and could have ameliorated the damage done with some very simple steps. That he did not have backups of his primary machine is, frankly, mind-boggling — especially when it was the only place his digital photos of his newborn daughter were stored. (Really? On a Mac, with Time Machine as an option? WTF?)
If you’ve read the whole thing, either now or before, you know the drill:
- Bad guys got his Amazon, Apple, Gmail, and Twitter accounts easily because all were connected.
- They were particularly savvy at exploiting what amounts to an inadvertent security hole that exists only because of complementary policies at Apple and Amazon.
- They locked and remotely wiped his phone and laptop.
They did all this because they wanted his Twitter handle, no shit. What they could have done, but did not, was extend their nefariousness to his financial life; after all, they had full control of his email.
Hey Chief Heathen, What Should I Do?
Lots.
First and foremost, if you use Gmail, enable two-factor authentication on your Gmail account. This sounds complicated, but it’s really not. Basically, after you configure it, you can’t log into your Gmail account from a random, other computer without ALSO having access to your phone, because Google will insist on texting you a security code you must provide as part of the login process from a non-trusted computer. This makes compromising your email WAY harder. (This may sound familiar if you bank with Chase; they do something similar. If your bank doesn’t, find another bank.)
If you use a Mac, do NOT use “Find my Mac” until Apple secures it better. (Two-factor would make a big difference here.) This is not to say stolen-laptop services like Prey aren’t a good idea; they are. It’s just that Apple’s combination of approach and (lack of) security here is what allowed the bad guys to remotely wipe the victim’s machine. Oops.
DO NOT USE THE SAME LOGIN AND PASSWORD ON ANY TWO ACCOUNTS ANYWHERE. Yeah, I know this sounds onerous. Trust me. It’s important. Use a good password assistant program, and it’s much easier. The nice ones include browser plug-ins that will fill logins for you, so you don’t even have to remember passwords anymore. I like 1Password which, as a bonus, has a simple password generator built in. It costs money, but is well worth it.
Finally: Backups, backups, backups. I’ve talked about this before, and my methods are still the same: Time Machine, Super Duper, CrashPlan, and Dropbox. Yes, all four. Trust me. I know things.