Justine: Don’t Be a Victim of Data Breaches

In case you hadn’t heard, there was a massive data breach at Facebook this week. Over 50 million user accounts were compromised. I thought it would be appropriate to remind everyone of a few basic digital safety precautions. Below is a repost (with some tweaking) I did a couple years ago. The information I presented then is just as important now, if not more so.

The three key things to remember are:

  • Variety (as in having more than one password — there’s a tip below on how to create one that’s different for every site, yet easy to remember)
  • Frequency (back up your data frequently, change your passwords regularly)
  • Redundancy (have more than one backup, preferably a cloud-based backup as well as something local)

Keep yourself — and your data — safe!


Today’s post is admittedly not that inspiring…unless you don’t want to lose your work. A while back, I happened upon a post by Mat Honan about how his iPhone, iPad, and MacBook were completely erased, and his Twitter and Google accounts compromised. The hackers did it with a few digits of a credit card number that show up readily on Amazon. He lost EVERYTHING. All the pictures ever taken in his daughter’s life. Documents he saved nowhere else. In a word, it was catastrophic. You can read about his “epic hacking” here.

Then the other day, I had a terrible dream about my house and all of its contents going up in flames. In my dream, I said to myself, “Oh, it’s okay…I have a backup!” and then I realized that I’d been doing backups on a too-small external hard drive (I’d been putting off getting a larger one). That dream was the impetus I needed to buy a larger external hard drive, and reevaluate not only what I was backing up, but how.

I can’t imagine losing all my data. My computer is my life. I thought about everything I store there. Pictures. Home movies. MY NOVEL and all my research. What if that happened to me? How do you recover from that, both emotionally and practically? What if I lost everything I’ve been writing for the last year? (Okay, truth…some of that would be a blessing, but most of it would be a curse.)

Today I want to share ways to avoid losing everything. There are lots of posts about how to have super-complex passwords (like this one, which is absolutely amazing…be sure to scroll down and view the cartoon that shows how long it can take to break certain kinds of passwords) or ways to make your computer more secure. Check those out, and hopefully you’ll begin incorporating what you learn into your daily life.

Passwords: First Line of Defense

An easy password system I’ve started using is to pick a phrase (see the first link in the paragraph above on creating that phrase), then add the first three letters of whatever site/URL I’m on to the beginning of it. For example, if my phrase is “I love hot dogs,” then my password at Amazon would be AMAilovehotdogs. At Google/Gmail, it would be GOOilovehotdogs. You can mix it up by changing the capitalization and/or adding letters/numbers to the beginning/ending of your password, but be wary of substitutions (e.g., $ for s, 1 for l, 3 for e) because hackers have that all figured out.

The beauty is that you only have to remember that phrase, yet by appending the letters of the site to the beginning/end of the phrase, each password on every site you access is unique.

What I have done is made it harder for people to hack my private stuff and easy for me to recover things should I lose it all…and pardon me for being pushy, but you should do the same thing.

You might also consider using a password manager. They’ve become more popular as folks try to create unique passwords at every site (or even keep track of the handful of passwords they use). I recently started using Dashlane (there is a subscription fee), but I have it on my Mac and my iPhone and they stay in sync. The best part is they’ll tell me of potentially compromised accounts (like the 118 websites potentially compromised from this Facebook issue) and will help me reset passwords at those sites (sometimes automatically).

Two-Factor Authentication

Another way to make it more difficult for hackers to get into your digital life is to add two-factor authentication (2FA) on your accounts. It’s like entering a second password to gain access to mail, WordPress, your bank…basically any place that accepts it.

It typically works like this: you enter your password, then a prompt comes up asking for your two-step authentication code. It’s typically a six-digit number, but some sites I access have an alpha-numeric code or a nine-digit code. You can receive the code either via text or by using an Authenticator app on your phone or computer. More and more sites like WordPress generate their own authentication approval via the phone app.

Two-step authentication requires additional setup and sometimes it’s a pain to use. For example, when you’re traveling and can’t receive text messages, you might be stuck. However, most sites let you set a backup method for generating codes. On Amazon, my primary method is to get a text message, but my backup method is to use Google’s Authenticator app. This article has some great tips and explanations on using two-step authentication.

If you’re mostly worried about people gaining access to your account remotely, you can set commonly used devices (like your laptop) as “safe” meaning they don’t require authentication, but really…if you’ve taken the time to set it up, just go ahead and use it!

Data Backup

I’m going to be blunt: if you’re not backing up your data on a regular basis (AT LEAST every day), then you’re just waiting for trouble. I take my data backup seriously. I have a MacBook Pro and use Time Machine (Mac’s built-in backup utility) to back up my entire computer to a 2 TB external portable hard drive. I have the hard drive plugged into my computer more than I have it unplugged. If you have a Mac and you’re not using Time Machine, you need to get it running. It’s super-easy to set up and takes snapshots of your computer every hour for the last 24 hours, every day for the last month, and every week until your drive is full. You can back up to any date you choose, and can encrypt the backup if you like.

If you’re using a PC, there are several good utilities out there (some of them free) that you can use to back up data. PC Magazine gives you some tips and ratings here.

When it comes to deciding on how big an external hard drive to get, cost will likely be a factor, but don’t let it be the only one. Err on the side of larger, or you’ll end up buying another one in pretty quick fashion.

Redundancy is the Key

In addition to a local external hard drive, I also back up to an online “vault.” I chose SOS Online Backup because of the ratings they’ve received over the years by PC Magazine, but there are several good alternatives out there. You just have to do some research. Again, you can specify the type of data you wish to back up and can exclude specific directories (for example, I exclude Dropbox because they do their own backups), and while the initial backup takes a long time (if you can, connect your computer directly to your high-speed modem), incremental backups are pretty quick. I used to do backups only once a week, but now do it every 4 hours, because I spend a fair amount of time at my kids’ school. SOS is a backup for my backup, in case (God forbid) the house burns down or my computer is stolen or some other calamity wipes out both my portable hard drive and my computer (I know someone who ran over their computer with their car…twice).

Prevent Them From Getting There in the First Place

We all keep really personal things on our computer. Whatever they may be…tax records, bank statements…you should put those files in an encrypted partition on your hard drive. This means you’re creating a separate “drive” in your hard drive and you’re not allowing the bad guys in. On my Mac, unless they know the password, they won’t be able to view anything I have there (unless I have the partition open, so if you’re not actively using it, keep it closed). When you set the password for your encrypted drive, make sure it is something they won’t figure out. Not your birthday or your kids’ birthdays. In fact, the password should be something completely innocuous that would only make sense to you (go read that post I mentioned above!). You can look here for instructions on partitioning and encrypting your Mac (the built-in utilities work well), or here for PC (third-party software recommended).

National Backup Day is not until next March, but you shouldn’t wait until then to beef up your backup strategy. Take the time to figure out what your needs are, how much space you need, and what you want to back up, then make it happen! If you’ve been doing the same thing forever, then perhaps it’s time to reevaluate what you’re doing (I did!). I’d hate to read another blog post about someone whose digital life got wiped out.

Protect yourself, my friends.

7 thoughts on “Justine: Don’t Be a Victim of Data Breaches”

    • If I lost my data, I’d crawl into a hole and cry. Seriously. I think that’s why I have so much redundancy. I’d much rather be safe than (very, very) sorry.

      • I read your post and realized I hadn’t addressed the off site back up. I had the same dream of a house fire and we lost everything. I did think about carrying a back-up in my purse so I could grab it on the way out. 🙂 Thanks again for the post.

  1. I lost data on a faulty hard drive before backups were common. I never recovered the data, just moved on. Now I have 2 external backups, a cloud drive, and dropbox for quick file access.
    I like your password substitution. I use something similar. It’s a good way to have different passwords that you can remember. Even better, use a password manager as you suggested. I mentioned secret questions for password resets recently. Who was the best man at your wedding? Alan. How about – Who was your best man at your wedding? Chicken Little. The first answer is public knowledge. The second, only you know. Where was I born? In a Barn. Yes silly answers ONLY you know.

    • That’s an excellent suggestion for those guided “account recovery” questions! I’d just have to make sure I pick the same answers all the time, but if I kept to a theme (say Pride and Prejudice), I could easily make it work. Best man at my wedding? Darcy. Where was I born? Pemberley. 🙂

      I’m like you, sort of. One external back up, a cloud drive, Dropbox, and cloud backup. Plus password management and super-aggressive anti-virus software. Knock on wood, I haven’t lost anything yet, and I’m hoping it stays that way.

      • That’s pretty good for back up. We are in the minority unfortunately. For anti-virus I use Microsoft’s Defender. It’s free and effective. The only issue with all of the anti-virus software – they can’t help with zero day attacks. (A new problem that just starts up) We just prepare as best we can.

  2. Pingback: Michaeline: New phone, who dis? – Eight Ladies Writing
