I listen to the Social Media Marketing podcast with Michael Stelzner regularly. Normally I would simply share an episode like this one with you directly. But I wanted to give this one a deeper analysis because so many people I know are at risk and need to hear this.
On this episode Michael interviews Chalene Johnson and Darren Natoni. Chalene had her online identity stolen from her at great financial (and emotional) cost. She is a fitness celebrity and author of the book Push and has large followings on Instagram and Facebook. Darren is a former special agent with the DEA who specializes in online security.
Even though she has a large following this can happen to anyone. There are armies of bad guys out there hacking away at our identities and personal information every single day.
You are at risk and in this episode of The Nuclear Chowder Marketing podcast I want to give you simple tips to protect yourself.
My tips are based on the content presented on The Social Media Marketing podcast with Michael Stelzner. You can get the full story of what happened to Chalene and how she and Darren fixed it on Michael’s podcast. I highly recommend listening.
What you should know is that she lost 2 weeks trying to fix the problem with an estimated $200k in lost revenue and expense. Not to mention a great emotional toll as every aspect of her online life was breached.
Do NOT think this can’t happen to you. The fact is every day someone is trying to hack into your accounts. This can be anything from simply trying to do mischief and cause you damage. Other times it is to get control of your accounts and possibly steal your identity which can then be resold for profit. This is a big underground industry and getting bigger all the time.
My father is a police detective who handles Internet crime. And I can tell you that this is a much bigger problem than people realize.
You must take steps to protect yourself. It’s a little bit of work but the following steps can go a very long way and keep you safe.
How to protect yourself
A few pre-steps
1: Do NOT let your web browser store your passwords. Turn off and disable the browser from remembering them. Letting your browser remember passwords is not safe and can be easily compromised.
2: Do not ever click a link in an email that asks you to enter sensitive information unless you requested this. If you get an email from your bank telling you to click here to change your password, instead, go log into your bank account and change it from there. Or call the bank and ask if the email is real. You might be surprised to find it is not.
Most places like banks, credit cards and social media sites won’t send you an email with a link to update personal information unless you specifically request it.
Be VERY skeptical of emails or phone calls you receive asking for sensitive information. If you don’t know where an email came from, you might not want to click on any links.
Most people use the same password for everything they log into. If you are ever hacked they will have access to everything.
Instead, the password manager allows you to create strong passwords that you don’t need to remember. You simply remember your master password and let the password manager remember everything else.
The password manager will automatically log you in to wherever you need to go. It makes life much easier actually.
Install the password manager and create a very strong master password. Don’t use something typical. Write down the master password and put it somewhere safe like a spouse’s safe deposit box.
Once you set up the password manager it should prompt you to add it to your web browser. This will allow you to click the password manager right from your web browser to log in or use other functions.
Step 2: Let the password manager tool generate passwords. When you set up a new account or change a password just click the link for the password generator that you installed in your browser during step 1 and it will bring up the password generator.
Step 3: Use the password manager tool to keep encrypted and random answers to any of your security questions. Never answer security questions honestly because it is so easy for criminals to acquire or guess them.
For example if my bank asks me security questions, I record them in the notes section of OnePassword for easy and secure access. Now I can make it whatever I want keeping in mind it should be unpredictable.
If they ask what city I was born in I might answer something like “Spiderman Apple Pie” instead of something hackers can easily learn about me on Facebook.
Step 4: Use two step verification to login. This is an extra step in your login process that you take. So even if someone has your password they cannot log in without this second piece.
After you log in you will be asked to enter a second code that will be sent via SMS text message. Without the code, you cannot be logged in.
If the system allows, as with Google two step, you can remember the specific computer so you don’t need to enter a code every time. However you are still protected. If someone has your password and tries to login from another computer, not only will they not be able to but you will know when you get the text message.
Not every system will offer two step verification… yet. You can go to https://twofactorauth.org/ to see systems that allow two step verification.
Another great feature is that you can assign privileges to your team through OnePassword and LastPass. So instead of giving some employee or consultant a password, you create access through their own OnePassword system.
They won’t have access to everything and can’t see sensitive information. All they can do is log in to your account in a secure way.
Make sure to never send passwords, credit cards or any personal information through email, Skype or text messages. Unless you are on a trusted site that is HTTPS you should never enter sensitive information.
There is a LOT more to this. But the steps I outlined here are great first steps.
In conclusion – A simple breakdown
If you use the same exact password for everything and/or use simple passwords it isn’t a matter of if but when you will get hacked. So do this now:
- Get a password manager today.
- Create a strong master password. This is the only password you ever need to remember again.
- Change all your passwords. Do them a little at a time until you’ve done them all. Just start with the big ones like email, banks, credit cards and Facebook. Let the password manager generate a strong password for you unique for each site.
- Let the password manager store those passwords so you can simply auto login.
- Use random answers to security questions and keep them safe in your password manager.
- Set up two step verification on your email at a minimum (if supported). Here is the Google two step page complete with simple instructions.
This may sound like a lot of work but it really isn’t. Actually it makes life much easier and very secure.
And make sure to listen to this full interview on Social Media Examiner here.