A few days ago, I noticed that my long-time nonprofit technology colleague, Ruby Sinreich, had her digital life hacked and stolen from her. The hacker accessed many of her accounts and locked her out, and took over her Twitter, deleting her followers and changing the profile. Chronicled on her tumblr blog, it took her days to reach humans at different platforms to get help, faced many challenges, and all the while the hacker teased her and tried to sell her Twitter account on a hackers forum. She was able to finally take back control of her accounts after a very stressful ordeal.
This could happen to any of us. So, how can you make your social media and other account more secure?
Twitter and other social media services offer verification logins. That means if try to log on from an unfamiliar IP address, the service will send a code via SMS to your mobile phone and you enter that code. That way only you can log into your account. Here’s more on Twitter’s verification logins and here. You can enable this for both Google and Facebook. For Google, it’s under Account -> Security -> 2-step verification. For Facebook, it’s Account Settings -> Security -> Login Approval. Twitter, it’s under Account -> Account Security -> Require a verification code when I sign in. As soon as I read about Ruby’s ordeal, I enabled this on my accounts.
It was minor inconvenience at first having to reset these accounts on my desktop, laptop, tablet, and mobile phones, but better to be safe than face an ordeal like Ruby’s. There are also some issues if you want protect both your personal and organizational accounts, as the verification is one account per mobile phone number.
Every so often, it is a good idea to do security and privacy assessment of your Internet presence. Tactical Technology as a terrific resource, Security in A Box, that helps you do a security tune-up for personal or organizational accounts. Privacy is also important. Here are some best practices based on this infographic and the Me and My Shadow site from Tactical Technology. The shadow site has a terrific tool box that helps you understand what pieces of your identity are being left online if you are using the Internet.
Have you done a security and privacy audit for your personal and nonprofit’s accounts?