You’re a celebrity and you’re worried about getting hacked—or worse—you’ve already been hacked and you’re unsure of how to use technology in a way that is safe.
First, you deserve an apology from all of us who work in tech. This should be easier and more bullet-proof, but it isn’t. We’re working on making it better.
Second, the title of this post is a lie. Nothing is ever completely safe unless you prefer to only use computers in an underground bunker disconnected from any wires. And even that may be insecure. The practices below are reasonable ones which will hopefully keep you safe while not making your normal usage of technology and gadgets impossible. Sadly, the only way to make sure something never falls into the wrong hands is probably to never have it in a digital form. This is especially true for those of you who get more attention from the bad guys than the rest of us—they’re always going to be trying to find the weakest link.
Alright, let’s get started.
- Turn on two-factor verification for all of your email accounts. Here are Gmail’s instructions. Note that you need to protect not just your primary accounts but also your backup accounts where a “recover password” email might go.
- Use a long password which can’t be found in the dictionary. Stringing together words and phrases with numbers makes a great password. Anything long works as long as you don’t use the same password for multiple services.
- Make sure your answers to the forgot password questions are unguessable. A good way is to use answers that might be true for a friend but not for you. Remember—you’re a celebrity—people can figure out what your mother’s maiden name or your pet’s name is.
- Now, your phone. Call up your carrier and ask them to put a passcode on your account for any account changes. This isn’t something people like AT&T advertise so you might need to call them/fill out some paperwork to make it happen.
- Enable a PIN on your phone to unlock. Make it something unguessable. And if you lose your phone, wipe it remotely.
- Never use someone else’s computer to access any of your email or services. And never let someone else use your computer. Things get tricky when your laptop suffers a malfunction and you need to get it fixed. You need to make a call on whether you trust the employee fixing your laptop to not snoop around. The easiest precaution to take might be to not let them know there’s something valuable to find. Create a separate account on your laptop, have encryption turned on and get someone else to take it in for repairs. Someone persistent will still be able to snoop around and get at your data but at least this way they won’t know there might be something worth finding. Or if you can afford it—just destroy a laptop when it stops working. Like I said, the normal rules don’t apply to you.
- Don’t open suspicious things, even (or especially) from people you might know. A suspicious thing could be a subject they wouldn’t write or something generic—a “check this out” with just a link should set off your spidey senses.
- Turn on two-factor authentication for every service that supports it. For example, here are instructions for Facebook and Twitter and Dropbox and Apple.
- Send these instructions to anyone who has access to you—your spouse, your close friends, your agent, anyone who you trust. A common way to get into a celebrity’s account is to first compromise someone who has access to them but may not have their guard up (this is what the Scarlett Johansson hacker did).
- And finally, if you never want something getting out, just don’t have it in digital form. And don’t send it to other people where you have no idea of what they might do with it. Go through your old photos and files regularly and delete anything that you don’t need and might be embarrassing. Yes, this is painful but as someone under a lot more “threat” than the normal human being, you need to take more measures than the rest of us need. The list above is a good start but there are a thousand different things it won’t protect you from—being paranoid is probably a good thing to get used to.
Sriram Krishnan leads mobile monetization and publisher products for Facebook. Currently, he works on Facebook’s Audience Network and mobile app ads. Previously, he ran cloud platform efforts at Yahoo and Microsoft. This piece was originally published on sriramk.com.