Your telephone and email are vulnerable points of attack by hackers, but you can guard these portals with simple security steps.
Ed Bott with ZDNet.com reports on devastating hacking incidents that could have been prevented.
“What happened to my ZDNet colleague Matthew Miller this month is the stuff nightmares are made of,” Bott writes. “The title pretty much says it all: ‘SIM swap horror story: I've lost decades of data and Google won't lift a finger.’”
Bott explains that Miller lost his identity to hackers who convinced T-Mobile to issue a replacement SIM and exposed his primary phone number. They reset passwords on his Gmail account, “which pretty much gave them unfettered access to his entire identity,” Bott recounts. “They then proceeded to shut down his Twitter account, wipe out everything associated with his Google account, and even access his online banking accounts.”
Miller’s ordeal brought to mind a 2012 incident involving Mat Honan, today the San Francisco bureau chief for Buzzfeed. Conan wrote about his experience at the time in a Wired article: "How Apple and Amazon Security Flaws Led to My Epic Hacking."
“The lesson from both of these horrifying experiences,” Bott writes, “is that your primary phone number and your primary email address are far more valuable than you think. As our reliance upon online services grows, these two data points are extremely common means of authentication.”
Bott offers tips to protect your phone and email data from attack outlined below.
• Improve security on your mobile phone account.
Ask your mobile service to add a separate security PIN or password to your account, which is a standard, yet often unknown, option. (This is different from a SIM password/PIN, which prevents your physical SIM card from being removed and automatically activated in another device, explains Bott.)
Your mobile provider may also have the option to flag your account for extra security to prevent unauthorized number porting or SIM-swapping. “The most inconvenient scenario is you'll have to show up personally at a local office, with photo ID, to recover from a damaged device,” Bott notes about adding this option.
• Beef up your email service to a business-grade account.
There is typically a fee for enterprise email service, but it comes with enhanced technical support which could help you retrieve lost data more quickly or walk you through additional security features.
• Don’t store passwords with a Google or Microsoft account.
Bott notes that hackers gained access to Miller’s passwords once they compromised his Google account. “I'm of the firm belief that using a third-party password manager is one of the most valuable security precautions you can take,” he writes.
• Remove the option to use your telephone for authentication.
Your phone is typically the first device that a service will use to help you reset your password through two-factor authentication; that’s why SIM-swapping is so harmful to your online identity.
“Whenever possible, remove the option to use that phone as proof of identity and use an authenticator app or a saved code you previously generated. This strategy forces you to use a trusted device as an authenticator,” recommeds Bott.
• Backup and sync your information and files.
Regularly backing up your data to the cloud, with redundant locations, will help ensure that a single point of failure doesn't cause you to lose data.
“Probably the most heartbreaking part of Matthew's story is the possibility that he'll lose not just tax returns and other important documents stored in Google Drive but also ‘thousands of photos that may be lost forever if Google won't work with me to get my account back,’” Bott writes.
Contact us if you have questions about how Sinu works to keep your data and devices secure. You can also compare Sinu’s recommended data backup solutions with our free download, “How to Choose a Backup Solution for Your Organization.”