Israeli sites are under threat of attack this week and next, starting with a Facebook virus, and it’s important to protect online information in order to prevent financial or data loss. Even if you don’t think your site is likely to be targeted, strong passwords and backups are always a good idea. Many of us don’t follow the guidelines for online security as closely as we should.
Secure Password Choices
The most basic, and often neglected part of data security is the password. Since everything from newspapers to bank websites require passwords, it’s easy to fall back on using the same password for everything. It’s a dangerous practice. If your password gets cracked on any single site, it won’t be long before the hacker finds a way to take control of several different accounts.
Lifehacker recommends a different password for every single site, and they give a few different systems for how to generate them and make them memorable. This password security infographic gives a lot of important tips, too.
One thing that I can recommend for Israelis is to use a Hebrew word without switching to Hebrew letters as a basis for a password. For example, my name Leah, spelled לאה in Hebrew. If I type those Hebrew letters without switching to Hebrew, I get ktv, which is not a popular sequence for anything. Even Wiki has a hard time giving anything interesting. If I made my Yahoo password ktV!95!oohaY (’95 being the year of my aliya, and oohaY being Yahoo backwards) the guessability of something really easy to remember is very low. If I made Yahoo into htvu (יאהו), it gets even more complex, and it’s something I can remember for every password. It’s better not to use your own first name, of course. Try for the name of your favorite singer, band, or goldfish. The important thing is to make it something easy for you, but really convoluted for someone else.
Backing up Online Information
We’re all used to backing up to ‘the cloud,’ which has a number of advantages. On the other hand, when things get hacked, even the big guns like Google have lost data as described here. It’s important to note, though, that Google was able to get that data back. The problem, therefore, is what happens if someone hacks into your ‘cloud’ account. First, you can make your Google assets – Gmail, YouTube, Google Drive, etc. – more secure by using 2-step verification. Facebook also offers a similar system.
Second, you should have more than one backup of anything crucial. Your super-sweet baby photos? Try putting them on a USB thumb drive once in a while to send them to grandma and grandpa. For business files, an external hard disk is probably a good idea. Hackers can get access to anything that’s on the internet, so you might want a drive that isn’t online – be sure to disconnect it from the computer once you’ve made your backups.
Backing up to an offsite location is also a smart idea, as an external hard drive won’t save you in the event of a fire or natural disaster if it’s sitting on the same desk as your computer. Mozy and Carbonite offer affordable plans at a relatively low cost.
Securing a WordPress Site
According to the press, the hackers currently targeting Israel will be focused on financial and government institutions, which means they probably won’t be targeting your website that sells nail decorations in Dimona. Probably isn’t good enough, though. The first and most important step is to keep your WordPress version updated – plugins, too.
After that, follow this ten point checklist.
Backing up Your Website
If your website is built in HTML, the designer probably has the original files on the personal computer used to build the site. If that doesn’t give you easy access, you can download all the website files using FTP. Dave Wilkinson recommends usingBackupbuddy to save your whole WordPress site. It’s a quick and easy solution. For the more complicated (and free) way to do it yourself, WordPress.org has a page devoted to the subject of backups.
A Few Final Tips
There’s no way of knowing how bad the attack will be or how much trouble it will cause. In the meantime, be aware of anything that looks out of the ordinary. Don’t click strange-looking links from your friends in email or Facebook. Keep your anti-virus updated. Avoid accessing websites that are likely to have been targeted in the days following the attack.
Keep track of your credit card bills and bank statements so that you can dispute any transactions that aren’t yours. Don’t accept friend requests from unknown people on Facebook, and if a friend already has an account, don’t accept a friend request from a second account without personal confirmation (chances are a hacker won’t know the name of your 10th grade history teacher with the high squeaky voice.)
In short, be vigilant. Stay safe out there, and remember…
…we survived Pharoah; we’ll make it through this too.