Your email address may be compromised
It seems like every day we hear about another online service that has been hacked and millions of emails stolen. Sometimes it's credit cards too. We hear about it and we wonder if our data is affected, but then what?
This week we took the decision to email any customer of ours that we knew had had their information stolen in a data breach. It was a decision that caused some debate within the company. Some argued that we had a lot to lose and very little to gain. The cost of generating the list and sending the alert to customers, as well as handling the queries afterwards, runs into 4 figures. Some people just don't trust any business and will see the email as pure spam. Some people will blame us for a data breach. Those were the negatives. But we took the position that our customers are important to us for longer than the few minutes that they are standing in our shop.
We depend on people using computers and feeling safe while they use them. So we took the view that if we knew that someone was at risk of identity theft, we should notify them.
So we created a list of customers and we sent them the information. Some people already knew about the breaches and had taken action. But a lot hadn't. We managed to help quite a few people with accounts that they either didn't know about or had forgotten about. Some people, those who had had their data stolen from the VTech site, were stunned to find out that their child's name and date of birth were taken too. It felt good to be able to help people lock down their accounts. It was a good day's work.
What to do?
The first thing to do is to change the password for your email account. But also check the account details for that account. Normally there will be an alternative email address stored, which could be used when the password is reset. Check that this address is one that you recognise. Check the password hints or security questions to ensure that they are yours. Changing the password for your email account is the first step. And prepare to change it again soon.
Use a password manager for your online accounts. A password manager will create different hard-to-crack passwords for each account. You only need to remember one, the master password for your local password file. There are many on the market at different prices. My only advice would be that, as with any security product, you should buy the best that you can afford. The market leader seems to be 1Password. It is available on Windows, Mac, iPhones and Android. You can buy it from agilebits.com/onepassword. But there are also many others that are good. LastPass (lastpass.com) is a popular password manager that offers a free tier for home users.
When you have a password manager, go back and change your email account password again using the new password manager.
Then you should take the time to visit your online accounts and change the password for each one. If you use the password manager, you should now have very different passwords for each account. Start with the accounts that were hacked and then go to the others. If you have been in the habit of using the same password across multiple sites, you should change them all. You should change them all anyway, but I know that's going to be a pain. But definitely change the accounts that share the same password.
It’s hard to describe how important passwords are. Imagine losing your house keys. Your house could be broken into and many valuable things stolen. It would be terrible. But if a hacker has the password to your Apple account, they can remotely log into your photos and download the most intimate ones. They can remotely access your iPhone and view your whereabouts at all times, knowing that you’re out late at night. They can even log into your Mac or iPhone and delete everything off it. All the stored files. All the emails. All the photographs of your children. Passwords are important.
There are a few things that you should know about passwords though. If you forget your password and a website is able to send it to you via email, then that website is not secure and you should not give them any personal information. A site that can do this is storing your password in a form that can be read back, so anyone who steals its data can read it too.
Likewise, no website should ever ask you for your password by email or over the phone. There are many scams where someone will claim to be a company and will ask you for your password for security reasons. No genuine company will ever ask you for a password by email. If somebody calls you, claiming to be from Microsoft or Apple and saying that they need your password, just hang up.
If you use Windows, ensure that you have an up-to-date Internet Security package. We recommend AVG Internet Security and have done for many years. You can buy that online or we can install it for you and run a security check on your computer. If you use a Mac, you probably don't need to install Internet Security software, but we recommend the following:
- Ensure your Mac is up to date. Open the App Store app and click Update All.
- Turn on automatic updates. Open System Preferences, click App Store and select the option Automatically Check for Updates. Make sure Install OS X Updates and Install System Data Files and Security Updates are both selected as well.
- Make sure the Mac only allows apps from trusted developers. Click on System Preferences > Security & Privacy > General. Check that the option under Allow apps downloaded from is set to either Mac App Store or Mac App Store and Identified Developers. If it is set to Anywhere, then click on the Lock icon, enter your password, and change it to either Mac App Store or Mac App Store and Identified Developers.
- Get your software from the Mac App Store or from developers you know and trust.
You might also want to check your credit file and bank statements to ensure that there are no entries that you don't recognise. In the past we have recommended Experian because they offer a 30-day free trial, but there is also a website called Noddle that offers free access to your credit file at any time.