How to improve the security of the tools and apps you use, so that hackers can't get into your accounts.
Assume we are targets for hackers: we have access to a lot of (customer) data. With access to a CRM, it is much easier for an attacker to target people with social engineering.
A known form of this fraud is CEO fraud: https://www.knowbe4.com/ceo-fraud
Make sure you use a unique password for each website. Let's say you're a designer and you use Adobe and Canva. Who cares if someone gets into my Canva account, right? But both the Adobe and the Canva user databases have been leaked (in 2013 and 2019 respectively; source). Hackers buy these databases on the dark web and combine them. It's easy to look up in the leaked Adobe and Canva databases 'which users are in both AND use the same password?' The next easy step is to try to log in to Gmail with that same username and password.
If you use the same password on Gmail and Canva, the hacker now has access to your Gmail. From Gmail, they can easily reset your password for LinkedIn and Facebook and gain access to all your social media accounts. Scary, right?
In this article, I’ll explain how to protect yourself (as much as possible).
There are also 'good guy' hackers who buy these lists, and you can search for yourself to see if your email address pops up in the leaked databases (Have I Been Pwned is the best-known example). Never paste a password you actually use into a random website to check it, though: only the email search is safe to use that way.
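The cross-breach lookup described above ('which users are in both databases AND use the same password?') has a defender's counterpart: checking whether a password appears in a leaked corpus without ever sending the password itself. The following Python is an added example, not code from this chapter or from any breach-search service. It implements the k-anonymity range check that Have I Been Pwned's Pwned Passwords API uses (only the first 5 hex characters of the SHA-1 hash leave your machine; the matching is done locally). The range response and its counts are constructed for the example; the optional `live_lookup` function and its endpoint URL are assumptions about that public API and are not exercised here.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """k-anonymity split: a 5-char prefix to send, a 35-char suffix to keep local."""
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (one per hash sharing the prefix) into a dict."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count)
    return counts


def breach_count(password: str, range_lookup: Callable[[str], str]) -> int:
    """How often the password appears in the corpus behind `range_lookup`.

    Only the prefix is passed to the lookup; the suffix never leaves this
    function, so a network observer (or the service) cannot learn the password.
    """
    prefix, suffix = split_hash(sha1_upper(password))
    return parse_range(range_lookup(prefix)).get(suffix, 0)


# Constructed range response for the prefix of SHA-1("password"); the counts
# are made up for this example and are NOT real breach statistics.
CONSTRUCTED_RANGE: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "0123456789ABCDEF0123456789ABCDEF012:2\n"
    ),
}


def constructed_lookup(prefix: str) -> str:
    """Offline stand-in for the range API, backed by the constructed data above."""
    return CONSTRUCTED_RANGE.get(prefix, "")


def live_lookup(prefix: str) -> str:
    """Assumed live lookup against the public Pwned Passwords range endpoint.

    Not called in this example; shown so the same breach_count() works online.
    """
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "password-hygiene-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for candidate in ("password", "f3cU#V#hdaoOv7N1qV!5"):
        n = breach_count(candidate, constructed_lookup)
        verdict = "seen %d times, do not use" % n if n else "not in the corpus"
        print("%-22s %s" % (candidate, verdict))
```

Swap `constructed_lookup` for `live_lookup` to run the same check against the real corpus; the password still never leaves your machine, only its 5-character hash prefix does.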
I hope you enjoy reading this free chapter.
You can solve MOST problems by having a unique password for each tool. Hackers are getting smarter as well, so adding the name of the website you're logging in to does not make a password unique: 'loginFACEBOOK1' doesn't cut it, because an attacker who finds 'loginADOBE1' in a leak will try the obvious variants first.
Here is an example of a strong password: f3cU#V#hdaoOv7N1qV!5
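Generating a password like the one above is a job for a cryptographically secure random source, not for your imagination. The Python below is an added example, not code from this chapter or from any password manager: it draws a password uniformly from a fixed alphabet using the `secrets` module (the OS CSPRNG), reports how many bits of entropy that gives, flags the 'site name in the password' pattern, and audits a small vault for reused passwords. The alphabet, the vault contents and the helper names are choices made for this example.

```python
import math
import secrets
import string
from typing import Dict, List

# Upper, lower, digits and a handful of symbols that most sites accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length: int = 20) -> str:
    """Uniformly random password from ALPHABET, using secrets (never random.choice)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def looks_like_site_variant(password: str, site: str) -> bool:
    """True if the password merely embeds the site name, like 'loginFACEBOOK1'."""
    return site.lower() in password.lower()


def reused_passwords(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Group sites that share the exact same password; a healthy vault returns {}."""
    by_password: Dict[str, List[str]] = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    pw = generate_password(20)
    print("generated:", pw, "(%.0f bits)" % entropy_bits(len(pw)))
    print("loginFACEBOOK1 is site-derived:",
          looks_like_site_variant("loginFACEBOOK1", "facebook"))

    # Constructed vault for the example; the Gmail/Canva reuse is the exact
    # situation the chapter warns about.
    vault = {
        "gmail.com": "loginFACEBOOK1",
        "canva.com": "loginFACEBOOK1",
        "adobe.com": generate_password(),
    }
    for shared, sites in reused_passwords(vault).items():
        print("password reused on:", ", ".join(sites))
```

Twenty characters from this 75-symbol alphabet give roughly 125 bits of entropy, far beyond what an attacker can brute-force even with the leaked hash in hand; the reuse audit is the part that matters most, because entropy does not help once the same password sits in two leaked databases.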
'How will I remember?' You don't. Save your passwords in a password manager like LastPass or 1Password.
If someone gets access to your email, they can simply use 'forgot password' on any other site and gain access to those accounts too. Your email is the most important asset to protect.
For your work email, you have to provide a recovery email. If that is a Gmail or Hotmail account with a weak (or reused) password, it is still a way in. Lock down your personal accounts as well: if a hacker can get into your secondary account, they can 'forgot password' their way into the primary one.
A way to stop hackers who already have your password from getting into the account is two-factor authentication ('2FA' from here on). Next to a username and password, you have to provide a third signal: a code that changes every 30 seconds or so, or a confirmation on a device you hold. A stolen password alone is then no longer enough, which makes a takeover much harder. In Dutch banking the e.dentifier card reader is an example of this. Luckily, this is getting more popular and some tools even require it.
Unfortunately, phishing happens a lot.
Some of these websites are VERY convincing: hackers build beautiful pages that look 95% like the website of your bank or Gmail, and often the only giveaway is the address bar.
If you see one of the above signals, do not click on anything and immediately report the suspicious message to your team. Don't forward the email (someone else might click on it); send a screenshot of it to the person responsible for security in your organisation.
If you click the link and log in to the fake website, the hacker now has your strong password. This happens so often that we want to protect against it categorically. Assume your password is already stolen, even if it's strong and unique. With a 2FA layer, a hacker who only has the password still can't log in and steal data. One caveat: a convincing fake site can also ask for your one-time code and relay it within the same window, so keep checking the address bar; a hardware security key is the one 2FA method a fake site cannot relay, because the key only answers for the real domain.
2FA is basically a way to secure yourself with a second device: if you log in on a laptop, prove it's really you on your mobile phone. Examples of 2FA are:
For a lot of tools and apps, 'Log in with Google' or 'Sign in with Apple' is the new standard. If that tool doesn't store a password for you, there is also no password to steal from it; everything then depends on how well the Google or Apple account itself is protected.
So make sure that Google account is properly secured, with a unique password and 2FA. Find out how you can improve here: https://myaccount.google.com/security-checkup/2