Why You Can’t Think Of Your Data In Isolation Anymore

Let’s start in November a few years ago. A friend contacted me, obviously distressed. Her site had been hacked.

I thought, no problem. We’ll get on it.

It turned out to be not so routine.

Eventually, we found out her website wasn’t hacked.

Her domain was stolen. The new website was not hers. Not on her web hosting account.

Someone stole her entire business from under her.

Fast forward a couple of months. Another sobering story. Mat Honan, one of Wired’s senior writers, had his MacBook, iPhone, iPad and Google Account completely wiped and his Twitter account hijacked. Then, I heard news of another friend’s domain getting hijacked.

Then just this week, another major story. Naoki Hiroshima, creator of Cocoyon and developer for Echofan, had his highly valued Twitter username extorted from him. What did the extortionist have on him? Oh… just all of his domains and PayPal account. Reading his story and the hacker’s responses sent chills up my spine.

Since working with my client and learning about Mat Honan’s hacking, I’ve been careful. There’s still much to be done but definitely more careful. I worry a lot about what my husband puts out too. But that’s another story for another day.

By now, I’m feeling rather helpless. Then I read another followup story in response to Naoki’s. Now, I felt hopeless as well.

I’m writing this not to scare you. Although, I know you can’t help but feel scared. I do. My intention is to help everyone stay informed.

What can be done?

Honestly, I’m not 100% sure. These social engineering attacks aren’t always caused by our own carelessness. Many times they are but sometimes they aren’t. I do have some ideas, and I’m willing to share what I’ll be doing.

A quick disclaimer. These are not a guarantee you will be insulated from social engineering. Nobody can guarantee that. With that, let’s begin.

Your Data Is Not Isolated

When we open a new account anywhere, we tend to think our data is separate from each other because the companies we deal with are owned by different people. To a certain extent, yes they are. But these stories tell us that social hackers don’t need all data from one place. That would be best for them, but it’s not necessary. They just need a little bit from here and a little bit from there.

Don’t just secure everything to do with banking, finances and the like but leave other areas of your digital life open.

I pay for a lot of things online. Where possible, I will choose not to store my credit card information with a company. More inconvenient? Yes but very much worth it I think. Where PayPal or Amazon and even Apple is involved, I don’t have much choice. Even so, I will investigate my options with fresh eyes.

Review Emails

With Honan and my friends, their weak link was Gmail. At that time, the advice was not to use Gmail for important things. Or at the least have double authentication turned on. Hiroshima had the opposite advice – to use Gmail and not an email of a domain you own. The followup report from Droplr CEO Josh Bryant correctly pointed out that using Gmail does not guarantee security.

Many large companies’ security is only as good as the person answering the phone.

I agree with Bryant. I quit using Gmail on important stuff and even for domains. I’m not all that confident they can be any better. I’m sticking to email addresses from my domain and other places I shall not name. Since my friends’ incidents, I have spread my risk out to different email addresses. Not the ones I use publicly.

After this, I will go back and fragment this even more by using several domains. I’m not sure this will be any better or worse but I think it would be better. Which leads me to the next point.

Domain Registrars

I’ll be going back and transferring several domains out of GoDaddy and their reseller account. Although I have two accounts, their reseller is still GoDaddy and prone to the same problems.

I don’t necessarily despise GoDaddy. I know a lot of people have a bone to pick with them. Personally, I’ll never host with them but they’ve always been good to me for domains. Besides, just because the vulnerability is with GoDaddy doesn’t mean other companies aren’t prone to the same loopholes.

I won’t be closing it out, just spreading the domains out to different places. Especially high value domains.

Private Registration

I struggle with all this. We own a lot of domains. To make them all private – yikes! That’s quite a chunk of money out the door. I have some domains private but I will now select a few more to make private.

Home Address

For public domains, I’ll continue to use an address that is not my home address. This has been my protocol for years. Now, I’ll be going back to change other information with other companies (where possible). This includes public records we might have with the local and state government.

This isn’t just for privacy but the fact that it can be socially engineered in combination with your domain registration warrants a second or third look.

Amazon & Amazon Web Services

I will be taking Bryant’s suggestion to separate out Amazon (mostly personal use) from Amazon Web Services account. I have a lot of things on Amazon Web Services. While I haven’t quite built our technical infrastructure there, there are plans that could include that. Still, a lot of my products are there. I have a copy, but losing access to AWS will cost me in the form of time.

Connected Services

Usually, I’m wary of connecting any form of services to any type of account. It doesn’t hurt to go back to look things over. Disconnect services not used anymore. While at that, remove any information that they don’t require.

Dual Authentication

Turn on dual authentication wherever possible. We have Duo running on some WordPress powered websites too.

Watch What You Share

Many of us already practice this. I’ve always tried to filter my words and everything put out on social media. Heck, even on this blog. I hesitate to write this post because I really don’t want this information to be socially engineered on me. It’s not perfect. Things spill out somehow. Maybe not today, but sometimes, somewhere. When your guard is down.

Irregardless. Start new habits when it comes to social media and your blog. Watch everything you post and share. I don’t just mean when you are going out of town. Review too stuff like birthdays. Images with location tags. Quiz results. Ok, I’m not sure how a quiz result could be detrimental yet 😉 but you can tell I’m a little shy of paranoid.

Each bit of info you put out is nothing on its own. But put together, they say volumes.

Long story short, just… be careful.

This is certainly not an exhaustive list. It’s a start.

Can you think of any more? What do you do that I’ve not covered?


10 Comments

  1. ruthiedenise on January 30, 2014 at 4:48 pm

    Hi, thanks for the advice.  I will go back and check all my stuff.



  2. RhondaWhiteBiz on January 30, 2014 at 6:11 pm

    Lynette, it IS so scary with all the hacking going on…you’ve given lots of excellent advice and I really appreciate your insight on this topic.  Thank you.



  3. LChandler on January 30, 2014 at 6:28 pm

    You’re welcome ruthiedenise. It’s probably a good idea to review all this stuff periodically.



  4. LChandler on January 30, 2014 at 6:31 pm

    You bet it is RhondaWhiteBiz. I so wish we didn’t have to do this. Bad people spoil everything good. My suggestions aren’t foolproof. I just know the more that you have out there the easier it becomes.



  5. skuman on February 3, 2014 at 3:23 am

    Hi, what problems have you been experiencing with Godaddy as I have quite a bit of stuff with them



  6. LChandler on February 3, 2014 at 11:36 am

    @skuman  I personally don’t have huge problems with GoDaddy. I just don’t like the way their hosting is done. In the past their servers were all Windows servers and that’s often a nightmare. Webservers are dominated by Linux and they just work best with Linux and its variations.

    I know they have cPanel/Linux servers now but I still don’t like their web hosting process.

    Other than that, I don’t have major issues.



  7. valselby on February 12, 2014 at 6:38 pm

    I remember everyone going through the hacking and it was frustrating to hear all they were going through. It wasn’t people that are prone to leave accounts open to hacking. Which in turn made me start to worry.

    I know nothing is hack proof and we just have to take the extra steps to be as secure as possible. I too spread my domains out a little bit. I also have two different hosting accounts. If one goes down or is hacked then I should be able to get up and moving quickly on the other one. **fingers crossed** I never have to worry about it.



  8. LChandler on February 13, 2014 at 5:33 pm

    valselby yup. My biggest concern is, it’s really tough for us to see the forest for the trees. It’s the time these people spend to piece things together so they can see the loopholes in the big picture. That is scary.

    Thanks for sharing your thoughts Val!



  9. Chris on March 5, 2014 at 8:59 pm

    LChandler ruthiedenise  

    Hi Lynette, 

    I just found your blog and it is great!!  I am still working through the problems of my computer being infected with a virus that gave the originator access to all my files, email accounts, personal information (bank, credit, social and much more) in addition to my passwords to my hosting account.  They used my new business domain to send out spam in untold amounts.  I am still trying to change and protect my name, credit and anything else that was accessed.  I did not know this was happening because the virus had shut down my firewall and virus protection and the ability for my software to let me know this was disabled.  I am sure you understand so I won’t bore you but for all who read this it’s a warning.  Get the best Protection for your website, computer and anything else that you use to conduct personal or business on the web.  Also, find the best backup company you can and using 2 or 3 different ways to backup is better.  And the last but probably the biggest warning is not to keep personal data on your computer.

    Thanks
    Chris



  10. Chris on March 5, 2014 at 9:04 pm

    Hi Lynette, 

    I just found your blog and it is great!!  I am still working through the problems of my computer being infected with a virus that gave the originator access to all my files, email accounts, personal information (bank, credit, social and much more) in addition to my passwords to my hosting account.  They used my new business domain to send out spam in untold amounts.  I am still trying to change and protect my name, credit and anything else that was accessed.  I did not know this was happening because the virus had shut down my firewall and virus protection and the ability for my software to let me know this was disabled.  I am sure you understand so I won’t bore you but for all who read this it’s a warning.  Get the best Protection for your website, computer and anything else that you use to conduct personal or business on the web.  Also, find the best backup company you can and using 2 or 3 different ways to backup is better.  And the last but probably the biggest warning is not to keep personal data on your computer.

    Chris