Cyber crimes are increasing at a staggeringly multi-exponential rate. Ignorance about our devices and online security is no longer acceptable; cyber crimes affect over 1.5 million victims per day. That’s 18 victims per second, 556 million victims per year, and over 600,000 compromised Facebook accounts per day. [Source] The recent Sony hack was so sophisticated the FBI says it would have gotten past 90 percent of firms. This is not something we can afford to ignore, especially for those of us who run online businesses.
“It is not really a question of whether or not we can be hacked, but when somebody cares enough to try.
. . . We have to take these small steps and be proactive, because if you get caught flat-footed the results can be disastrous. It is just not optional to think proactively about security.”
A few things prompted this podcast:
- Many of you know my site was hacked last month. These hackers used a script to run “brute force attacks” to guess my password until they were successful, then added dozens (if not hundreds) of web pages off my main directory with link bait to other sites.
- I recently interviewed Shawn Henry, the former executive assistant director of the FBI, for my new book. He was in charge of cyber crimes, and shared that many of the biggest companies in the world don’t know their systems have been compromised until months after the fact (see: Sony, JP Morgan, Target). If these billion-dollar businesses aren’t able to fully protect themselves, what hope do we have?
- Tim Ferriss’s podcast interview with FBI consultant and futurist Mark Goodman blew my mind. Goodman is the author of the forthcoming book Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It (to be released February 24). Toward the end of the call they zoomed quickly through ways individuals can protect themselves, but I felt it was important to get into more detail for beginners.
LISTEN HERE (50 MIN)
If the embedded player doesn’t load, click here to listen
SHOW NOTES AND RESOURCES
Topics we cover:
- Personal security for everyone
- Why you really do need complex passwords
- How easily people can see everything you are doing online (and grab your passwords and personal information) at public WiFi spots like Starbucks, airplanes, airports and hotels
- Key terms and basic security tools: 1-Password, 2-step auth, https, VPN
- Security and back-ups for bloggers
- Monitoring & Recovery
- How to know when someone is attempting an attack
- JB.me website hack attack debrief: what we did well, what we would do differently
- It is not just about skills and tools; the mindset you need to be successful
- Recap of key resources
Action Items and Tools:
- Personal Security Basics:
- Set-up 2-step verification for Gmail
- Get a VPN for public internet usage on all devices (Willie recommends Cloak VPN)
- Use Kaspersky for desktop security monitoring (critical if you use a PC; more optional for Mac)
- Start using 1-Password and having even more complex passwords (you can share with additional users on your team as needed)
- Tools for Bloggers:
- Wordfence Wordpress plugin for monitoring and security
- Sucuri Security (free plugin, paid monitoring, cloud proxy upgrade, basic authentication
- VaultPress for back-ups
- CloudFlare: site speed, hosting and security
- Synthesis: full hosting service for WordPress bloggers with security and backups included
- For recovering code: Way Back Machine (h/t Melissa Anzman) and GitHub (hosted repository service, aka repos)
- From Mark Goodman on the Tim Ferriss podcast:
- Stop logging in under the admin account automatically; create a user account for general daily use with admin privileges
- Update to latest OS updates right when they come out on your phone and computer
- Cover your cameras
- Get a Chromebook or similar device for travel or coffee-shop working ($199)
- Pre-order his book Future Crimes and check out his TED Talk
- Side note on file backups:
- If you don’t already, I would save all hard files in Dropbox (not on your computer hard drive). It acts like your My Documents folder, but it is backed up constantly and automatically.
- People mentioned: