Email Security – A Cautionary Tale for Your Data in the Cloud
I’m up at the SoloSmall conference today, but I wanted to put out a quick post about a story that’s hit the Internet over the past day or so. Mat Honan, a writer for Wired, has posted an article about how he lost his entire digital life through a clever hack. A hacker decided that he wanted to get ahold of Honan’s 3-letter Twitter handle (@mat), so the hacker worked his way through Honan’s Amazon account, Apple iCloud account, and Gmail account in order to reset the Twitter password. Along the way, the hacker wreaked havoc on Honan’s digital life, locking Honan out of his email and wiping all of the info on his iPhone, iPad and Mac. It’s an interesting read, and I found it amazing how resourceful the hacker was in using social engineering to circumvent what most people think of as secure systems.
Honan lost a lot of information – including his only copies of photos of his young daughter. Lawyers may also have valuable (and potentially irreplaceable) data that could be at risk if proper precautions aren’t taken. Of course, you’ve heard a lot of the advice that’s always given in these situations – back up early and often. Keep multiple copies of valuable information in different places.
But here’s some new advice – particularly if you use Google applications such as Gmail in your practice. Try to find additional security for your accounts. Google has a great system called 2-factor identification that would have prevented Honan’s attacker from gaining access to his Google accounts. This system provides an additional layer of protection for your Google account, requiring both something you know (a password) and something you have (typically your cell phone) in order to access your account from a new computer.
Google’s system is pretty easy to use. (I can speak from experience since I set it up earlier this summer.) Whenever you use a new computer to access your account, Google will ask you for a special 6-digit code. You obtain the code in one of several ways – by receiving a text on your cell phone, through a voice telephone call, via a special app installed on a smartphone, or from a pre-printed list that you obtain ahead of time. If you don’t have the special code, you can’t access your account. If you access your account from a trusted computer, you can check a box that will let Google know that the computer is safe for the next 30 days. If you use a third-party application to access your account, you can get a special one-time password to use for that application. This system adds an additional hoop that you have to jump through every so often, but the minimal additional hassle is (in my opinion) worth the peace of mind it gives you.
We’ve written in the past about how information in the cloud can streamline your practice. But we’ve all got to be careful in how we protect the information for our own sake and the sake of our clients. We continue to recommend these tools (and I will continue to use Google applications in my own practice), but Honan’s tale reinforces how important it is to make sure we use all of the security tools available to us.
