Lessons To Learn From The Evernote Security Breach

Over the weekend Evernote posted on their blog that they had detected suspicious behaviour in their network and, as a precaution, were having everyone reset their passwords.  It was the latest in what seems to be a weekly announcement of someone having data security compromised by hackers.  The problem of course is that we all have digital data – digital footprints and fingerprints – all over the Internet.  From our Facebook account(s) to Twitter to our Banks.  Even our identification to remotely access our corporate networks.  Nobody is immune but you can protect yourself as best as possible.

Identification security is something we should all be vigilant about whether it is on our smartphones, our PCs or Macs.  Security breaches happen at the weakest point so the goal is to make it difficult to discourage but also no so difficult that you yourself are unable to access your data.  Here then are a few tips that you should consider when it comes to your personal data security.

Use Complex Passwords

The most basic thing you can do in personal data security is use complex passwords.  That is, use passwords with a mixture of:

  • Upper-Case Letters
  • Lower-Case Letters
  • Numbers
  • Special Character such as @£$%!
  • At least 8 characters long

Passwords should also not be associate with any personally identifying information such as:

  • Birthdays (yours, your spouses, your children, etc)
  • Your address
  • Your National Identification/Social Security Number

Complex passwords serve as a strong deterrent for those who would potentially try to gain access to your data.  While any password can be compromised with enough time, complex ones point hackers to easier targets.

Don’t Use The Same Password For Everything

This is the most common mistake people make.  You get your complex password figured out then you use it for everything.  Think about it folks:  If I get your password, the first thing I’m going to do is try to see if that password works for other sites so I can completely compromise your bank account, Facebook, credit cards,  etc.  It’s the digital equivalent of hiding the spare key under the mat of your front door.  Your data security is only as good as you make it.

The tough part is remembering all those passwords.  I highly recommend getting a digital wallet.  I personally use eWallet from Ilium Software.  They have it for a variety of platforms including iPhone, iPad, Mac and PC.  This secure wallet has all of my passwords and even includes a password generator that I can use to create these complete passwords.

eWallet from Ilium Software

Don’t Share Passwords With Your Partner/Spouse

This one is a common practice amongst couples, especially those who are accessing the same accounts.  The problem is that if your security is breached, the hacker now has access to TWO people.  Keep your passwords separate from each other and use different accounts to access your data.

Set Your Mac or PC and your iPhone and iPad to Auto Lock

It is not uncommon for personal security breaches to happen from someone that you know such as a co-worker.  Locking your PC or Mac when you walk away is critical to making sure that people do not have unauthorised access to your data by simply walking up to your computer and accessing it.

In a How-To back in September 2012 I showed you how to enable Hot Corners on your Mac to immediately enable a blank screen on your Mac or a screensaver.  This is the quickest, easiest way to make sure your Mac is secure when you walk away:  Simply drag the mouse pointer to the designated corner and instantly your Mac is locked.

The same is true for your iPhone or iPad.  To assure security on those devices, you should have them setup to prompt for

Passcode Lock Settings on Your iPad

Passcode Lock Settings on Your iPad

a password when you turn them off. You can use the simple 4-digit passcode if you want but make sure it isn’t a repeating number (such as 1111) or the last four digits of your Social Security number, your home address, etc.  You do have the option to use a complex password in iOS as well – just look under General>Passcode Lock.  Finally, set up your iPhone or iPad to automatically erase all data after 8 attempts to access the device with a failed password.  This to can be set from the Password Lock screen.

Enable Text and Email Account Notifications

If a security breach does happen with your personal data, time becomes critical.  It does not take long for information to be compromised once someone is inside the walls so finding out they are inside is of strategic importance.  On your accounts, be sure to enable text and email notifications for any changes to your accounts.  For example:  If something changes on my Facebook account (email address, password, a device accessing my account, etc), I have a text message as well as an email sent to me.

Be careful though as you read these emails:  Hackers have learned to mimic these emails to get you to enter in your password so they have immediate access.  Check the URL of an email before you click on it.  If you are not sure if it is from who they say it is (i.e. your bank), call them.  But don’t call the number in the email (hackers are smart, remember?) but call the number on the back of your debit card or on your bank statement.

Be Vigilant

There is no 100% way to keep personal data security from being compromised at this point in our history.  All of us have a digital footprint or fingerprint.  The job we all have is to make sure that we keep that data as secure as possible.  Be diligent and vigilant and don’t compromise security for ease.  Keeping things secure is difficult and yes, a PITA (Pain In The A$$) sometimes.  But the alternative of having to spend countless hours cleaning up the mess afterward makes it worth it.


No Responses