If there is one good thing to come out of the Liberty Life hacking drama that ruined everyone’s Saturday night, it may be that people finally realise how insecure email is.
Once designed as a means to send simple text messages over the nascent network that would evolve into the internet, email is now the backbone of global communications.
Email may be a gift for communications between people, but it is also a gift to hackers – who need only infiltrate our inboxes to get a snapshot of our lives and access to our most intimate information.
Forget the grandparents getting baby pictures and the rest of us receiving company memos and internal communication. Think for a moment how much crucial and confidential data is in the average inbox, information that could so easily be used for nefarious purposes by cybercriminals. Banks send us our monthly statements, service providers send their monthly bills, financial service providers like Liberty send quarterly and annual updates, and cellphone operators send us itemised invoices.
If you want to hack someone’s life, hack their email – as was the case with the Democratic National Convention when it was infiltrated by Russian hackers in 2016 before the United States elections.
Worse still, email is usually the first avenue to resetting a password. Once an inbox is compromised, a hacker could conceivably reset passwords to a range of services, and the victim of a hacked email account could become the victim of a lot more.
With any luck the government will finally enact the Protection of Personal Information Act (POPIA) this year, giving us consumers some added protection against breaches of our personal data – over and above the reputational damage suffered in such breaches.
I’ve lost count of the conversations I’ve had with people who ask me to “email a copy of your ID” or worse, a copy of my passport. At least now I will probably have to stop apologising for seeming to be unnecessarily paranoid by refusing to do something so foolish. I hope.
Email is the perfect example of the trade-off we are forced to make between convenience and security. To make something easier to use and more accepted, service providers often have to make things less secure.
How do you make yourself more secure?
If you have a simple password for your email, change it now. Make it difficult to hack – which means don’t use a simple word from a dictionary or the name of your child or pet. (It’s for this reason I’m calling my next dog “Password”.)
Likewise, don’t use the same password for more than one online service – especially not banking. If you have, change them all right now. Better still, use a password manager like LastPass or 1Password – which will generate secure passwords for you. It is okay to write your master password down, just never store it on your computer.
Use two-factor authentication for your email – and all social media and other accounts that offer it. That means you get sent an SMS with a one-time PIN (OTP) to log on – or use Google’s Authenticator app, which generates such OTP codes.
It’s only going to get worse, so harden your security before you get hacked. You’ve been warned.
This article first appeared in Financial Mail