Subscribe to our newsletters & stay updated
As with most of my columns, the content or theme comes from personal experiences. This month is no exception. Recently, my LinkedIn account was hacked. I received an email from LinkedIn stating that an additional email address had been added to my account. I then received a second email stating that there had been some suspicious activity and did I make these changes. By the time I read these emails and attempted to log in, some bad actor had changed the primary email to his own, wiped out my login credentials and essentially took over my account.
I experienced the entire range of emotions — fear, anger, self-pity and, finally, acceptance. LinkedIn is one of my primary marketing vehicles for podcasts and other services. The thought of rebuilding my 3,000-plus connections and profile was not something I was looking forward to.
Fortunately, after 10 very frustrating days, I found a contact in the LinkedIn security department (big shout out to Andrew Chung!) who helped me clear out this basement-dwelling squatter and restore control of my account. This was a tremendous relief and sent me on a quest to plug the leaks in my online boat — nothing like a swift kick to the teeth to shift one from reactive to proactive mode.
Since this incident, I have done a bit of research on how to mitigate this type of invasion in the future. Here are some challenges and solutions that made the most sense to me.
I am truly guilty of this. I have used the same passwords for so many of my online accounts without regard for the sensitivity of the product. My financial services, travel and shopping accounts used the same passwords. My social media accounts often had the same passwords as well.
In hindsight, this was simply foolish. It was like having the same key to my home, vehicles, office and safe deposit box. As an alternative, my research suggested using password management software that will randomly generate a very strong set of random characters whenever you open a new account somewhere. The program then stores this information and uses auto-fill technology to log you into the account.
This is one of the areas where autofill is positive; I will talk about the negative aspects later.
As an additional measure, I encourage you to turn on multi-factor authentication whenever possible. This is becoming more prevalent in the online world. When the service doesn’t recognize where you are entering from (either browser or IP address), a verification code is sent to your phone or email. This is a second layer of protection, even if your login and password information has fallen into the wrong hands.
Like many of you, I travel extensively and often find myself taking advantage of free Wi-Fi opportunities in hotels, airports and coffee shops. While these opportunities are certainly welcome where mobile service is limited, they come with certain potential risks. When we jump on an unsecured network, even if an access password is required, there is a chance that someone is “listening in” to our digital stream. They could gather information on sites we visit and, ultimately, capture our credentials.
Conversely, there have been incidents where malicious software has been delivered to unsuspecting users who tap into the unsecured Wi-Fi stream.
Using your mobile hotspot to connect your other devices is one way to get a tighter handle on your digital connections. Most smartphones include this feature and data usage limits seem to be plentiful. Another security solution is to use virtual private network software to secure your online connection.
These services create an encrypted connection so eavesdroppers can’t follow you looking for site credentials or secure information. They are inexpensive and should be part of any traveler’s arsenal.
If you are anything like me, online shopping has become a way of life. If I haven’t visited the UPS Store to pick up packages in a couple of days, they call my cell to check if I’m OK. Being one who believes in working smarter, not harder, I tend to take advantage of shortcuts in all aspects of my life. Shopping is no exception.
Over the years, I have allowed Google to store and fill in my address information to facilitate a quicker shopping experience. I have also had Google store credit card information to speed up the process. Google Pay and Apple Pay may feel like a wonderful convenience, but as secure as they seem, these services leave us vulnerable.
Limit the auto-fill usage to reputable sites and use other security measures, such as fingerprint or facial recognition, to authenticate the process.
Social Media Sharing
For me, this is where this whole mess started. I post information on LinkedIn. I use it to share my podcast episodes, comment on others’ postings, and generally let my thoughts be known in a limited way. I try to avoid too much personal sharing as this is a business platform.
On the other hand, I have been dragged into the more personal side of social media using platforms such as Meta and Instagram lately. I am certainly not a super user of these mediums, but who doesn’t like a scrolling dopamine hit occasionally?
Many cases of personal attacks and manipulations have occurred through these platforms, but I wanted to key in on one that has always made me a little more cautious. Travel-related posting can be fun in a “my life is better than yours” kind of way. Sorry, my Gen X cynic was feeling left out of the conversation.
Unfortunately, there are dangers in sharing when you are away from your home. A 2011 University of Florida research study found that approximately 78 percent of ex-cons surveyed admitted that social media played a role in selecting homes to target for burglary and other property crimes. These participants noted that vacation-related posts were key factors in their process.
Furthermore, social media profiles and posts can give con artists and online scammers important information. Clever criminals can dupe friends and relatives into giving up sensitive information by posing as close friends who know details about your life, such as your place of work, restaurants you frequent, your travel plans and even your personal relationships.
My intent is not to scare anyone here. I am simply sharing what happened to me and how it has helped change my thinking about cybersecurity. I am by no means an expert.
If you want a greater understanding of how your personal and business assets can be compromised, I encourage you to seek out a professional on the subject. I interviewed an expert a few years ago on my podcast; I would be happy to pass along his information.
Before I let you go, I would be remiss if I didn’t urge you to back up your data. As I was reeling with the thought of rebuilding my LinkedIn network, I cursed myself for not backing up my connections. When was the last time you backed up your critical contacts, emails and work documents? Be smart, be safe, and know I am always here to help.