Security Basics for Writers: Protect your data or lose it

Files, whether Microsoft Word or Scrivener, represents hundreds of hours of work for a writer.  Files made of bits (1’s and 0’s).  Files that can be deleted, lost, or overwritten.  Files that can be hi-jacked, stolen, or erased permanently.

For a writer, this is devastating.  Time that cannot be recovered is lost.  Ideas that were once imagined are lost.  Moments of inspiration gone.

Protecting these files, which represent your work, becomes as important as your work.

I’ll be sharing some key ways to protect your data in this post.

First, we will look at password management and then ransomware.

Passwords

One of the most common mistakes people make is that people use the same password across multiple accounts.  I’ll provide an example and walk you through why this is a dangerous practice:

  • You create an email account: authorsam@someemailservice.com, with a password: “Ilovewriting3”
  • You register an account on several websites that provide advice and resources for writers, using the email address and same password.
  • You register a Facebook and Twitter account using the same email address and password.
  • You create a bank, Amazon, LuLu, and Fedex account, again using the same email address and password.
  • A hacker detects a vulnerability in one of the websites that provide advice and resources for writers.  The hacker, using a method called SQL Injection, is able to access the entire database.
  • The hacker is able to retrieve all of the email addresses and hashed passwords (think of them as encrypted passwords).
  • The hacker does his/her hacker magic and does a brute force attack on the hashed passwords.
  • The hacker is able to retrieve your password, so now he/she has your email address and password.
  • The hacker is able to login to your email account and downloads all your emails.
  • The hacker is able to see that you have an Amazon account and tries the same email account and password.  He/she is able to login and go on a shopping spree.
  • The hacker is able to login to log into  your bank and transfer money.
  • The hacker is able to access your social media accounts and for fun damages your reputation with scandalous and controversial posts.

Ransomware

What it is: Ransomware is where an attacker hijacks your data.  From a technical aspect, it is software that encrypts your files so that they are unreadable. You are given the option to pay for a code to decrypt the files. To enhance the experience the attackers provide customer service that rivals most Fortune 500 companies. Their goal is to make money.

How it happens:  There are multiple attack vectors (security talk meaning ways you can be compromised). I’ll cover a few of the most common methods.

(1) Phishing.  Phishing is where an attacker sends a fake email that encourages you to take an action that infects your computer. The email may appear to come from your bank, the IRS, a funeral home, an email provider, or an award/sweepstakes company. The email will attempt to create a sense of urgency in one of three ways – to gain something, to prevent losing something, or prevent you from missing out on information or an event.  The infection occurs when you open an attachment, click a link, or through an unprotected site.

(2) An infected site. You can be infected if your visit a website that wasn’t protected and has been infected and you do not have the appropriate protection in place to prevent infection.  The key is that the website does not have appropriate protection and you don’t have appropriate protection for you to become infected.

(3) Scripts and executables.  This attack vector depends on tricking you into running a script or executable (computer program).  A script could come via email or through a download.  It could be an infected program you downloaded, such as an editor or utility.

There are many other methods and variations, it is really a full-time job trying to keep up on this.

How to protect yourself:  

Educate yourself.  Invest 30 minutes a week to stay on top of security related matters.  The United States Computer Emergency Readiness Team provides great resources: https://www.us-cert.gov/home-and-business.

Learn how to check to make sure your computer and anti-virus software are updated and check often.

Make backing up your data a habit.  There is an overview of various methods to backup your data:

Good: Saving copies to an external USB drive. The risk with this solution is that if the USB drive is plugged into your computer when it is infected, you risk losing the data on that drive too.

Better: Save copies to cloud drives. The improvement over the USB drive is that it can’t be lost or stolen.  However, it is still subject to being infected.

Best:  If you can afford it, use a service like Carbonite, which is a backup service – their job is to backup and protect your data. However, if you are unable to afford it, another way to protect your data is simply to email it to a secondary account.

Create a secondary email address.  For example, if you use authorandrew@gmail.com as your primary email address, create one called authorandrewbackup@outlook.com.  Then send the backup from the Gmail account to the outlook account.  Also, be sure to use different passwords!

 As with any work that involves data, security is something that cannot be ignored.  The risk is too great.  Ignoring security will eventually lead to regret.

You don’t have to be an expert but rely on experts.  Use good anti-virus software and backup protection.  Most importantly, practice safe computing

Leave a Reply

Your email address will not be published. Required fields are marked *