IT pros share some crucial lessons on how to avoid getting hacked.
True
Mozilla

In 2009, Scott McGready stumbled on a massive phishing scam targeting his company's email server.

Thousands of emails bombarded the company in a short period of time. They all came from the same source, pretending to be someone or something they weren't in order to lure people into clicking on shady links and giving up their personal data.

"While investigating it, I stumbled upon the phisher's database which had [the] personal data of thousands of people," McGready says. "I was surprised how little effort was required on the fraudster's part to acquire such a trove of information."


This discovery sparked McGready's interest in information security and teaching others how to protect themselves from fraud. Since then, this journey has taken him from the U.K.'s National Trading Standards department to the documentary series "Secrets of the Scammers" to his own company and beyond.

Here are just a few lessons from McGready — and some other IT professionals — about securing your personal data:

Photo by Stomchak/Wikimedia Commons.

1. Know there is a LOT of data about you online.

"Having data readily available online means that things like phishing emails can be automatically tailored to targets without much effort," McGready says.

But what does "data" really mean in this case? Um. Er. Pretty much everything. Even if we don't realize it. Something as simple as your basic browsing habits and location history can actually reveal a lot about you. Even if your name's not attached to it, a savvy social hacker could still figure something out.

2. Be aware that your friends may expose info about you — even if you're not on social media.

"We tend to share every detail of our lives on social media because we feel obliged to by peer pressure — whether that be adding your birthday to your Facebook profile because the website keeps asking for it," McGready says. But it's worse when your friend tags you in that photo from high school with your school mascot in the background and — oops. There goes another security question.

Photo by PhilAndPam/Flickr.

3. Pay attention so you can mitigate the risks (though probably not completely avoid them).

McGready recommends keeping your social media profiles as private as possible and asking your friends and family to do the same. "Even those that intentionally aren't on social media may be easily findable by their friends or family that share the 'dinner table selfie.'"

4. It's better to be proactive than wait until you're compromised.

"We hear about data leaks almost every week, it seems," McGready says. "The general public are no longer asking 'if' their data is compromised, but rather 'when.'"

This might sound scary. But it's also a good reminder to stay sharp.

Image via Petr Kratochvil/publicdomainpictures.

5. Check the Facebook apps and third-party services that might have access to your account.

"It's worth checking what data you share with specific companies and only giving out the bare minimum in case of a data breach in the future," McGready explains.

For example: Does Bejeweled Blitz really need permission to access everything you've ever put on Facebook, to post on your behalf, and to spam your friends and family? It's not just annoying — it puts you at risk if that information leaks.

6. Take some time to get rid of those old accounts.

A clever hacker might still be able to figure out something through your iwasdefinitelyacool15yearold@aol.com email address. "Many of us, myself included, also have a large number of 'dormant accounts' on websites that we no longer use," McGready says. "I'd fully recommend logging into these accounts and changing all the profile information before deleting the account."

Change those old accounts! Photo from Daderot/Wikimedia Commons.

7. Don't feel bad if it happens to you. Even IT professionals fall for it!

Georgia Bullen, technology projects director for New America's Open Technology Institute, recounts how she was hacked:

"My password wasn't secure enough and so someone had built a program that was logging into not-secure-enough accounts and then spamming."

What she felt at the time is all too familiar for anyone who's been hacked: "Embarrassed, confused, and then really worried that someone else was going to click on something from me."

8. Be smart, pay attention, and know what you're getting into with any website or service you sign up for.

This bears repeating because a little awareness can make a big difference.

Photo by Marcello Casal Jr/ABr/Wikimedia Commons.

9. Have a solid P@$$w0rds plan.

Passwords are the Achilles' heel of the modern world — but there's a trick.

"It's totally possible [for hackers] to take one password, see where you've re-used it, and then get access to those accounts as well. And that's where the bigger danger happens," explains Harlo Holmes from the Freedom of the Press Foundation.

That's why, in general, passwords should be different for every website or service used, and consist of three random words, interspersed with special characters; a DiceWare password like "correct horse battery staple" is a good place to start.

Password managers can help out by creating unique passwords for you. Which leads to...

10. Use a password manager.

Password managers can generate strong, random passwords for you. And they keep track of all of your different passwords so you don't need to memorize them yourself.

All you need to do is remember one super-secure master password in order to unlock every other possible password combination. That way, says Bullen, you  can't even make the mistake of verbally giving your password away because you genuinely don't know it yourself! (Unless it's your master password, in which case, ya know, don't do that.)

Photo by Aussie Legend/Wikimedia Commons.

11. Set up two-factor authentication (2FA) for added security.

Safety is good, but a back-up plan is even better. 2FA sends a code to a device on your person just to make sure that the person logging in is really you. Even if your password does get compromised, the hacker probably doesn't have access to your smartphone, too. (Probably.)

Mozilla's Amira Dhalla explains how it works:

12. Consider using a separate email address — with a separate strong password — for important accounts like banking.

That way, even if you do use the same password elsewhere, hackers will have a harder time getting in to your important accounts. (Make sure this secondary email account has two-factor authentication, too!)

13. Be sure to hover over links before you click them.

"Links may look legitimate, but upon hovering, they actually redirect to a completely different place," McGready says. (Don't believe me? See what happens when you click on www.upworthy.com/definitely-not-an-upworthy-page.)

14. Always double-check the URL in the address bar. (But even that's not always safe.)

Ever notice that green padlock in your browser bar? It's a good sign! ... except when it's not. As McGready explains, "While it's true that this means your data is encrypted between your computer and the website itself, it doesn't legitimize the website."

Photo by Intel Free Press/Flickr.

15. Secure your router.

It may seem harmless to use the default password for your router, but that can actually leave you vulnerable to hackers (there are even websites that can be used to find out different routers' default settings). And someone accessing your router can access pretty much your entire home network. So it's worth taking that small extra step of setting up a strong user name and password.

16. Be wary: These days, the internet is in everything from lightbulbs to baby diapers. Which is super cool! And bad.

McGready sees "the internet of things," or IoT, as the biggest online threat on the horizon. Even if you have worried about Amazon spying on you, you probably didn't consider who else could be spying on you through a vulnerable Wi-Fi or Bluetooth system built into your smart home. "The issue comes when these wireless chips are integrated by default on all products, whether the customer wants them or not," McGready explains.

Photo by Horst JENS/Flickr.

17. Exercise a little extra caution.

It all boils down to the fact that humans are too trusting.

We trust that our friends aren't going to expose our address over Twitter. We trust that some disgruntled Angry Birds employee won't hijack our linked Facebook page because we didn't pay attention to permissions. We trust the green padlock in the browser bar that keeps our credit cards secure, even if the website taking that information wants to use it for a shady purpose.

Simply put, we trust that the internet is mostly good and that people are, too.

But it doesn't hurt to double-check. For more on how to stay safe on the internet, check out these videos from Mozilla.

U.S. Air Force photo illustration/Airman 1st Class Devin Boyer.

It's hard to solve a problem you can't see — which is why McGready is so passionate about teaching online safety.

"Show the public exactly what is possible and what they should be watching out for," McGready says. "It's one thing to tell someone that a scammer can send a text which appears to be from a legitimate company or a known person; it's another thing entirely to send a text to that person's phone which comes from 'Mum.'"

There's no "one weird trick" to protect us from the dangers of technology. But we can do our due diligence — as long as we know where to start.

Update 6/23/2017: The video was updated.

True

When Sue Hoppin was in college, she met the man she was going to marry. "I was attending the University of Denver, and he was at the Air Force Academy," she says. "My dad had also attended the University of Denver and warned me not to date those flyboys from the Springs."

"He didn't say anything about marrying one of them," she says. And so began her life as a military spouse.

The life brings some real advantages, like opportunities to live abroad — her family got to live all around the US, Japan, and Germany — but it also comes with some downsides, like having to put your spouse's career over your own goals.

"Though we choose to marry someone in the military, we had career goals before we got married, and those didn't just disappear."

Career aspirations become more difficult to achieve, and progress comes with lots of starts and stops. After experiencing these unique challenges firsthand, Sue founded an organization to help other military spouses in similar situations.

Sue had gotten a degree in international relations because she wanted to pursue a career in diplomacy, but for fourteen years she wasn't able to make any headway — not until they moved back to the DC area. "Eighteen months later, many rejections later, it became apparent that this was going to be more challenging than I could ever imagine," she says.

Eighteen months is halfway through a typical assignment, and by then, most spouses are looking for their next assignment. "If I couldn't find a job in my own 'hometown' with multiple degrees and a great network, this didn't bode well for other military spouses," she says.

She's not wrong. Military spouses spend most of their lives moving with their partners, which means they're often far from family and other support networks. When they do find a job, they often make less than their civilian counterparts — and they're more likely to experience underemployment or unemployment. In fact, on some deployments, spouses are not even allowed to work.

Before the pandemic, military spouse unemployment was 22%. Since the pandemic, it's expected to rise to 35%.

Sue eventually found a job working at a military-focused nonprofit, and it helped her get the experience she needed to create her own dedicated military spouse program. She wrote a book and started saving up enough money to start the National Military Spouse Network (NMSN), which she founded in 2010 as the first organization of its kind.

"I founded the NMSN to help professional military spouses develop flexible careers they could perform from any location."

"Over the years, the program has expanded to include a free digital magazine, professional development events, drafting annual White Papers and organizing national and local advocacy to address the issues of most concern to the professional military spouse community," she says.

Not only was NMSN's mission important to Sue on a personal level she also saw it as part of something bigger than herself.

"Gone are the days when families can thrive on one salary. Like everyone else, most military families rely on two salaries to make ends meet. If a military spouse wants or needs to work, they should be able to," she says.

"When less than one percent of our population serves in the military," she continues, "we need to be able to not only recruit the best and the brightest but also retain them."

"We lose out as a nation when service members leave the force because their spouse is unable to find employment. We see it as a national security issue."

"The NMSN team has worked tirelessly to jumpstart the discussion and keep the challenges affecting military spouses top of mind. We have elevated the conversation to Congress and the White House," she continues. "I'm so proud of the fact that corporations, the government, and the general public are increasingly interested in the issues affecting military spouses and recognizing the employment roadblocks they unfairly have faced."

"We have collectively made other people care, and in doing so, we elevated the issues of military spouse unemployment to a national and global level," she adds. "In the process, we've also empowered military spouses to advocate for themselves and our community so that military spouse employment issues can continue to remain at the forefront."

Not only has NMSN become a sought-after leader in the military spouse employment space, but Sue has also seen the career she dreamed of materializing for herself. She was recently invited to participate in the public re-launch of Joining Forces, a White House initiative supporting military and veteran families, with First Lady Dr. Jill Biden.

She has also had two of her recommendations for practical solutions introduced into legislation just this year. She was the first in the Air Force community to show leadership the power of social media to reach both their airmen and their military families.

That is why Sue is one of Tory Burch's "Empowered Women" this year. The $5,000 donation will be going to The Madeira School, a school that Sue herself attended when she was in high school because, she says, "the lessons I learned there as a student pretty much set the tone for my personal and professional life. It's so meaningful to know that the donation will go towards making a Madeira education more accessible to those who may not otherwise be able to afford it and providing them with a life-changing opportunity."

Most military children will move one to three times during high school so having a continuous four-year experience at one high school can be an important gift. After traveling for much of her formative years, Sue attended Madeira and found herself "in an environment that fostered confidence and empowerment. As young women, we were expected to have a voice and advocate not just for ourselves, but for those around us."

To learn more about Tory Burch and Upworthy's Empowered Women program visit https://www.toryburch.com/empoweredwomen/. Nominate an inspiring woman in your community today!

4-year-old New Zealand boy and police share toys.

Sometimes the adorableness of small children is almost too much to take.

According to the New Zealand Police, a 4-year-old called the country's emergency number to report that he had some toys for them—and that's only the first cute thing to happen in this story.

After calling 111 (the New Zealand equivalent to 911), the preschooler told the "police lady" who answered the call that he had some toys for her. "Come over and see them!" he said to her.

The dispatcher asked where he was, and then the boy's father picked up. He explained that the kids' mother was sick and the boy had made the call while he was attending to the other child. After confirming that there was no emergency—all in a remarkably calm exchange—the call was ended. The whole exchange was so sweet and innocent.

But then it went to another level of wholesome. The dispatcher put out a call to the police units asking if anyone was available to go look at the 4-year-old's toys. And an officer responded in the affirmative as if this were a totally normal occurrence.

Keep Reading Show less