Security Alert! Writers, secure your accounts!
Cyber attacks can hit anyone or anything, whether you’re just a regular person that uses the web, or a massive company with billions in the bank. You hear about them almost daily. Website hacks, phishing attempts, DDoS attacks, ransomware, malware, the list goes on and on. The consequences of falling victim to these can vary from being just an annoyance to completely catastrophic to your life or company, and unfortunately, self-published authors fall on the latter side of that spectrum. For most, your entire livelihood may exist in the virtual world – your books, publishing accounts, reputation (via your social media accounts) and even your money are only safe if you employ digital best practices when it comes to passwords and the online protections you choose to use to secure your accounts. We all think it won’t happen to us, but take it from Ginger, it can!
Hi, writer friends. This is Ginger here with a cautionary tale: Remember to secure all your accounts!
In the modern era, wars are fought on many different front lines – including the digital ones. Right now, as Russian soldiers drop bombs and rockets on the people of Ukraine, Russian hackers are also hard at work rooting through stolen information to cause as much disruption and damage as they can on the digital landscape.
You may have seen the evidence of it yourself. If you check your Spam or Junk folder in your email browser, I’m betting you’ll see multiple emails requesting password resets for accounts you own. I know I’ve seen them recently!
The problem stems from a cascade of digital information being hacked across the globe by state-sponsored hackers in Russia – forming a digital ‘front line’ in Russia’s aggression against the west.
Successfully hacking one site can reveal email address and passwords that often provide hackers with access to other accounts. For example, a data leak from HubSpot earlier this March compromised users at BlockFi, Swan Bitcoin, NYDIG, and Circle.
Given that 90% of what we as self-published authors do is conducted online, this makes us incredibly vulnerable to hacking and data breaches – and if you lose access to one or more key accounts, it could completely end your publishing career.
Sadly, I speak from experience! As I write this, my own Microsoft account has been hacked, and I’m still awaiting help from Microsoft to get it back!
In the course of an hour, a user with a Russian email account successfully bypassed my two-factor authentication, changed the email address connected to my account, and locked me out of my own profile. This means they now have access to my OneDrive, with all my finished and unfinished manuscripts stored there, and if I’d used a Microsoft email address, they’d then have had the ability to access my Amazon publishing account and put me out of business indefinitely.
I’m hopeful I’m going to be able to get my account back in the next few days, but I wanted to use my experience as a chance to warn you all to be super vigilant about your digital accounts – and provide some tips to help protect yourself.
Tip #1 – Don’t reuse the same passwords, ever!
This one might sound like a no-brainer, but I’m one of many people who simply can’t remember all the different passwords I’m supposed to have for all my different accounts, so I’ve often reused the same one for the sake of convenience. This is a HUGE vulnerability, though – because those email address and password combinations can then be provided to hackers who use “bots” to test out those same combinations across dozens of websites until they find a match. This is the reason we’re all experiencing so many hacking attempts right now – since the username and password combinations of 120 million Facebook users is currently being sold in Russia for as little as $0.10 a person.
Tip #2 – Use 2FA every time you can
Having your email and password combinations compromised seems like less of a risk than an eventuality these days, but there are additional steps you can take to protect yourself. As a self-published author, doing this for your Amazon account is especially important!
2FA or two-factor-authentication is one of the best ways you can do this. With 2FA, you’re required to provide verification when logging into a new or unfamiliar browser through an app on your phone or SMS message. Because this is directly linked to your phone, it’s almost impossible to bypass maliciously (although not completely impossible, as I had 2FA on my Microsoft account and it was hacked regardless.)
Tip #3 – Have redundancies in place!
If you felt bad for me about losing access to my Microsoft account, get the tissues ready for this: I’ve also lost access to my Facebook account right now, too! This time, it wasn’t through hacking (although I’ve had multiple attempts on my account, recently. Little do they know even I can’t access it!)
The problem arose because the method of two-factor-authentication I used – Google Authenticator on my phone – glitched out when my phone went through an involuntary factory reset. My phone no longer provided me with a valid code to access my Facebook account – which meant I ended up locked out of it completely! I’ve been struggling with this since February, and currently Facebook’s non-existent customer service means I’m not convinced it won’t be several more months before I regain access (if I ever do!)
So, don’t make the same mistake I did! Before you activate two-factor-authentication on any of your accounts, make sure you go to the Security settings and download any backup codes that might be available to you. These codes will give you a way to verify your identity even if your phone or authenticator no longer manages to.
The only problem? You can’t get them after you’re locked out of your account, so be prepared ahead of time!
Be very, very careful!
We’re currently living in an age of man hitherto undreamed of – in which some of the most valuable “property” we own doesn’t even exist outside of ones and zeros inside a microchip. Yet this property is very real and valuable to us, and we need to take steps to protect it the same way we lock our doors at night and have burglar alarms.
As an author, your Amazon and social media accounts aren’t just valuable to you – they’re often the means of supporting your families! But the sheer volume of users and the aggressive number of cyber attacks occurring these days means that most websites are woefully underprepared for helping customers restore access to their accounts.
And in many cases, it’s not just that a website doesn’t have much motivation to help you – they might not be able to! It’s reported that $3.7 billion in cryptocurrency has been lost forever because owners lost their username and passwords and the secure nature of crypto means that they simply can’t ever regain access to their accounts.
So take the time to protect yourself and your online empire. The future of your writing and self-publishing career might depend on it!