And How To Prevent This Happening To You
You may have read about the online identity theft of a technical writer whose life was turned upside down, data (pictures of his daughter, no less) lost, untold headache, heartache and embarrassment resulting.
Additionally, you may be asking if an identity protection service like LifeLock would protect you against this type of disaster.
Let me first state that, in my professional opinion, being targeted specifically by a determined hacker would put any identity protection plan to a severe stress test.
And quite frankly, some of the problems that Mat Honan endured from this attack would NOT be covered by LifeLock or a similar service; such as lost data stored at iCloud.
Mistakes Made in Protecting Online Identity
Based on my online experience and decades of real world computing and other “life experiences”, I believe Mr. Honan took some well intentioned but avoidable risks.
Let’s look at a few of them as detailed from the article mentioned above.
- Trusting important email simply to Google (or anyone entity’s) care
- Trusting “years of files” to any one person, place, backup regimen
- Having too much “tied” together
Granted, having one’s iPhone, iPad and MacBook all compromised and wiped clean indicates a talented hacker that is hard to defend against. Here again, though, is my distaste for Apple and other hardware or software vendors who insist you “tie” everything together.
What makes things convenient for you also make things convenient for a hacker.
What to Do Instead
Just One Email Address
This is one thing not everyone can do as easily, but I have hundreds of email addresses. At first it was just to combat spam (shut off an address that had been stolen/sold/etc), but since I have found other benefits.
It amuses me when a business asks for “my email address” in the same tone they might ask my name or address, as if I have only one.
What everyone CAN do is to have a separate email address for billing issues and make that a priority email address that you check or at least forward to another. The only problem with forwarding is that you may end up replying to an email with the forwarded address instead of the billing address.
Note that in Honan’s case, the same email address found on his website (why have your email address on a website instead of a contact form? Contact form plugins are free and easy to setup and will reduce spam besides) also was what he had on file with Amazon. Bad idea.
Google Email (Gmail)
First off, if you must use Gmail for something important, either do as I do and download to Thunderbird, Outlook or another email client and backup that data like any other important data. Online Backup is a great option for getting your backups to happen automatically and get them offsite. But as you will read below, that’s not the only component of my backup plan; Honan’s iCloud was wiped out too.
Google recommends two factor authentication for logging into your Gmail account, but that requires getting a text message every time you want to login. For those of use with lots of email accounts, and logging in many times a day, it’s a hassle.
Personally, I hate webmail anyway and do not care to store my contacts with Google or anyone else.
Tying Everything Together at Apple
Personally I despise having to have an iTunes account to even configure your iPhone and don’t like Amazon’s and Google’s ties into Android any better.
That said, my Android phone uses a unique email address. I don’t use iCloud but it wouldn’t surprise me if they REQUIRE you to use the same email as your phone. BUT!
They cannot require you (yet!!) to use them for your cloud storage. Again, head to OnlineBackupSpot to find better options.
Side note: Even if I was an Apple user, I would not buy music at iTunes unless they allowed me to download the music as an MP3 file – unlocked – that I can play on any device.
Granted, those who bow down and worship at the Apple store will find this to be heresy, but so be it. Apple ain’t perfect and I got proof.
A Better Backup Plan
As I have written many times, in many places, proper computer backup is multifaceted. Multiple copies, multiple geographically independent locations, time static copies.
The one thing to always keep in mind with computer backup is to be able to retrieve the data. For instance, I have tape backups from so long ago that I know it would be a crap shoot to be able to put together a working PC and tape drive of the era to get the data off. That’s why from time to time you must adjust backup media.
Multiple Backup Methods
Let’s talk about family photos, since not only is that what Mr. Honan was unfortunate enough to lose (and I feel for him, I truly do) but it’s also near and dear to any of us who are parents.
First, let’s talk about where my videos and photos are NOT: on a PC. Why? Let me count the ways:
- Most PC’s, probably 99.99% and probably 100% of laptops use no hard drive redundancy, like RAID. Therefore, unless you use a continuous backup program – such as IDrive – you risk losing what has yet to be backed up.
- If I am using a laptop I don’t want to be carrying “personal” data here, there & everywhere unless the hard drive is fully encrypted – probably 99.99% are NOT.
- The size of photos and especially video are such that it’s not easy to have a hard drive large enough to handle it on the standard PC or laptop. Especially if you are a speed freak and have upgraded to an SSD (Solid State Drive) like I have on my computers.
- My personal PC is far more likely to get hacked than a home server like a nifty little ReadyNAS Ultra 2 Plus (that DOES have RAID if properly configured).
- My personal PC is more likely to have something accidentally deleted.
So where is my data stored?
As mentioned above, but here again if you are skimming, a true home/office server. This one is very nice but contact me at my support forum if it’s out of your price range.
Now here is that backup plan:
- First, online backup. It’s automatic, so it happens. It’s geo-diversified and available from anywhere. Just do it. You do have to make sure it’s configured properly and VERIFY! IDrive is continuous, Mozy is near-continuous. Both have generous free accounts.
- Second, local backup. Get a USB drive like this Seagate GoFlex and if you have Mozy then configure it to backup to the cloud and your local USB drive simultaneously.
- Third, safe deposit box/family/friend. I never want to tempt a hacker, but some might say “hack this”. You backup some files to an older hard drive or a large USB device then take that device – it’s now offline – to a family member’s home or maybe a safe deposit box. If you do a straight “copy” of the files you don’t need to worry about what software may be needed to retrieve the files. Write the date on it and, if you prefer, NEVER overwrite those files. If it’s a hard drive it probably should be powered up for a period of time about once per year to keep it in working order.
- Fourth, duplicates. Get a second online backup service. Create another usb drive copy at mom’s or the bank.
Before backing up, determine what data NEEDS to be backed up. And don’t use the excuse “I can get that another way” or “it’s no big deal”. It never is a big deal until it’s gone.
As for backing up email, if you use Outlook there is probably a .pst file to backup in a strangely named location deep in the bowels of your Windows profile. Find it. Make sure it’s being backed up.
If using another program, Google “how to backup {program}”. Make sure that data is part of the backup set.
Identity Theft Protection From LifeLock
No, LifeLock will not protect you from this type of hacking. Your data is not backed up at LifeLock.
What identity theft protection from LifeLock will do is give you the peace of mind of knowing that should the hacker ascertain enough information from your online activities or from hacking your hard drive to open a credit card in your name or even steal your identity they will likely be blocked from succeeding because of the LifeLock protection.
And should the worst happen, LifeLock’s service provides you with trained, experienced professionals to correct any damage done.
I had already chosen to protect my identity with LifeLock because of another event in my life that I will write about soon (an OFFLINE event), but this was certainly timely.
I have chosen to get LifeLock identity protection and with this link you can save 10% on LifeLock.
Leave a Reply