*ATTENTION: EXTREMELY IMPORTANT OBLIGATORY LEGAL DISCLAIMER This guide is intended to serve as a resource on the topic of email security. It is not intended to be professional advice, nor is it a complete compendium of the information available in this area. The Rocket Science Group, LLC d/b/a MailChimp expressly disclaims any and all warranties about the information contained within. In sum, while we think this is an awesome guide on the topic, use of the information contained within the guide is entirely, completely, definitively, absolutely, positively, 100% at your own risk. If you have questions or need specific advice for your situation, please contact a knowledgeable professional.
How To Protect Yourself
You can never be too cautious when it comes to protecting yourself, your business and your valuable data. Here are some tinfoil-hat tips.

1. Keep ALL of your systems completely up to date. Not just your operating systems, but your browser, Adobe Reader, Java, Flash, etc. These ancillary applications are generally the most problematic and easiest to hack. Keep your anti-virus programs up to date, and if possible, use anti-virus software that has firewall (or at the very least malware) protection. Try something like Comodo.

2. Run anti-virus and malware scans daily. As in, every single day.

3. Secure your networks and wifi. Do NOT allow employees to use their home computers, guest computers, smartphones or iPads on your network. Secure your wifi using WPA2 or stronger. If you have mobile workstations inside or outside your networks, never use insecure wifi, like your local coffee shop's connection. If you must use this type of connection, keep your usage to an absolute minimum. Read up on Firesheep to learn how much information gets transmitted on an open wifi connection.

4. Secure your smartphone with a password or security lock. If it's stolen, call your provider immediately and disconnect your phone. Passwords are extremely important when it comes to security. Use different passwords for every site you do business with. Do NOT use the same password twice (see: Twitter Spam Attack Tied to Gawker Security Breach). Each site should have a unique password. Consider using 1Password, KeePass or a similar utility to help keep track of all your passwords. Keep in mind that if someone steals your computer or gains access, they can steal your password database. So make sure your master password is unique and difficult to guess. Use passwords of at least 10 characters with numbers, letters, symbols as well as different cases. If you use the same password everywhere, it's extremely easy for an attacker to try your username and password at each and every site they're after.

5. Use a single machine for financial transactions. It shouldn't be used for anything other than banking, and should only be connected via a wired connection. Don't keep this computer powered up unless it's being used.

6. Be careful what information you share publicly. If you're interviewed for something that will be published online, make sure you don't mention software vendors or business vendors you use, unless you can be 100% sure that your software and business vendors will not be hacked.

7. Never open email, IMs and social-media notifications from people you don't know, haven't heard from in a long time, or look suspicious. This type of communication is often malicious, so skip it to be safe. If you're unsure, don't reply to the communication, and call the person for confirmation. Assume everyone is compromised.
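The password rules in tip 4 (at least 10 characters, numbers, letters, symbols, mixed case, and no password used on more than one site) are easy to check mechanically against a password-manager export. The following Python script is an added example written for this edited version of the guide; it is not code from MailChimp or the original guide. It checks each password against the stated policy and reports sites that share a password, without printing any password itself. The vault contents and site names are constructed sample data.

```python
import hashlib
import string
from collections import defaultdict
from typing import Dict, List

# Policy stated in the guide: at least 10 characters, using numbers,
# letters, symbols and both upper- and lower-case letters.
MIN_LENGTH = 10


def check_password_policy(password: str) -> List[str]:
    """Return the policy rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("not mixed case")
    return problems


def find_reused_passwords(vault: Dict[str, str]) -> List[List[str]]:
    """Return sorted groups of sites that share one password.

    Sites are grouped by a SHA-256 digest of the password so the grouping
    key and the resulting report never carry the plaintext around.
    """
    by_digest = defaultdict(list)
    for site, password in vault.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(site)
    groups = [sorted(sites) for sites in by_digest.values() if len(sites) > 1]
    return sorted(groups)


def audit_vault(vault: Dict[str, str]) -> Dict[str, object]:
    """Combine both checks into one report that lists sites, never passwords."""
    weak = {site: check_password_policy(pw) for site, pw in vault.items()}
    weak = {site: problems for site, problems in weak.items() if problems}
    return {"weak": weak, "reused": find_reused_passwords(vault)}


# Constructed sample export from a password manager (not real accounts).
SAMPLE_VAULT = {
    "bank.example": "Tr0ub4dor&3xtra",
    "shop.example": "password123",
    "forum.example": "password123",
    "mail.example": "S3cure!Mail",
    "social.example": "shortpw1!",
}

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    for site, problems in report["weak"].items():
        print(f"{site}: {', '.join(problems)}")
    for group in report["reused"]:
        print("same password reused on: " + ", ".join(group))
```

Run it against your own export the same way: load the export into a dictionary of site to password, call audit_vault, and fix every site the report names. The report is safe to keep because it contains only site names and rule violations.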
What To Do If You Get Hacked
Hopefully you're protecting your data like a champ and nobody's after you. But if you do get hacked, here's how to handle it.

1. If it's a virus or malware on a machine, disconnect ALL machines from your network immediately. At this point it's best to involve a local IT company or consultant who's trained in removing malware. Don't turn on any systems until the threat has been completely removed. If you must get to a system, make sure it's not on the internet, and assume that anything and everything on that system is infected.

2. Change all passwords, and security questions and answers that may have been affected. Make sure you do it from a secure machine. If you change passwords on an infected machine, you're giving the attacker all the info they were after on a silver platter. Use a secured network that you trust. If your systems were hacked, don't trust your network until all machines have been given the all clear.

3. Contact your service providers and software providers, and ask them to do a scan for potential data breaches on your account. Also ask them to lock your account from further access if you feel the account is what the attacker was after, or if the account is important enough to lock down.

4. Check your email. Ensure that there's nothing in your deleted items that relates to communication with your service and software providers.

5. Notify your friends, clients and business vendors that you were compromised. Let them know that they shouldn't trust further communication from you until otherwise noted.
The Hacker’s Life
Discussions about hackers usually end with, "Why don't they just get a job?" The truth is, hacking is their job, and they often make good money (or enjoy what they do). The laws in many countries are lax enough that cybercrime isn't considered serious, or there's just so much other bad stuff going on, it doesn't bubble up. Many countries even overlook this behavior because the criminals pay off and support government officials. The book Fatal System Error by Joseph Menn goes into more detail about that. Whether someone is paying government officials, or the laws just don't apply, it really doesn't matter. These criminals exist, and they're out to get any and all information they can. So why do they want your data?

1. To target your personal and/or business finances. Stealing financial account information is easy these days. It's even easier, and far more useful, to steal credit card information.

2. To target your computers and technology infrastructure. Botnets allow an attacker to use many machines to attack other machines, steal information and commit various other acts of evil. Once the hacker controls your computer they can:

All attacks are planned. There's an end goal, and because this is the attacker's job, he spends lots of time planning and plotting every step. Just like that new promotion you planned in November, the attacker planned the malicious attack on your Social Media Manager. Many people think hackers don't put much thought into attacks, and while the 419 scams and bad spelling in most SPAM might make you think hackers are stupid, that's far from the truth. In the book Social Engineering: The Art of Human Hacking, Christopher Hadnagy provides information on how much effort a hacker will put into planning and executing an attack. It's like a chess game, but unfortunately, most of the targets have no idea they're part of the game. If you have any type of online presence, then you are, have been, or very shortly will be under attack. So you must behave like you're under attack and secure your assets at all times.