Security Spring Cleaning

I noticed on Twitter yesterday that the data breach at a marketing services firm was one of the fastest trending topics. Hackers were able to steal customer emails from Epsilon. That means be on the lookout for emails asking for your account information, something companies will not ask for via email.

Fortunately, I’ve updated to a personal domain and the captured emails were old ISP-provided addresses (xxx@bellsouth.net, xxx@comcast.net, etc.) that I’m not actively using for personal email. I had a to-do pending to update all of my online accounts to use my personal domain. Fortunately, this was a spring cleaning activity I hadn’t gotten to yet.

Here’s my plan to spring clean my online security:

  1. Go to Gmail, Yahoo or any other service and set up a new account.
  2. Make the email fairly generic but easy to remember (for example, jsmithonline01@gmail.com).
  3. Make sure you add a number somewhere in the email (see last paragraph for why).
  4. Enter your primary email as the account recovery email.
  5. Optional: log in to the new email account and set up email forwarding to your primary account. You may choose to keep all the marketing spam mail in its own box, only saving order receipts. Just log in and clean out that mailbox every few weeks. You might even set up a rule to forward the emails that contain shipping information.
  6. Optional – Mac users can use the Keychain to store all their passwords for free (dated but relevant tutorial here). Or you can buy a utility like 1Password (www.1password.com) that will encrypt, create passwords and store them in one place (plus supply your login info at each website).
  7. Start your inventory of major online sites. American Express and Visa typically provide a summary report by merchant. Go from your largest spend down.
  8. Go to each site, log in with your current username/password and change your email to the one you set up in step 3.
  9. While you’re doing this, change your password. I definitely recommend using a different password at each site. Here is a great article on generating a highly secure password.
  10. Log each site in a spreadsheet so you have a copy of where you’ve used this new password (if you have a Mac, use the Keychain).
  11. Now here’s the great plus. Set up a calendar reminder to change your password every 4-6 months.
  12. Finally, don’t forget to use this email going forward for new online orders. Having a paper-based (Excel) spreadsheet may help you remember this better since you’ll refer to it for passwords when you order.

Now the next time a provider notifies you about a breach, just go to your Gmail account, delete it and set up a new one with the next sequential number (jsmithonline02@gmail.com). Use the list of your sites (or the Mac Keychain, 1Password, etc.) to log in to each site and change your email. While you’re at it, go ahead and change your password at the same time.
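The routine above as a small script, added here as an illustration and not part of the original post: it bumps the numbered alias after a breach notice and lists which sites in the inventory need an email or password change. The CSV columns, the sample sites, the function names and the 6-month threshold (the upper end of the 4-6 month reminder) are assumptions; the inventory records sites, emails and dates only.

```python
import csv, io, re, secrets, string
from datetime import date

# Constructed sample inventory: site, email on file, date the password was last changed.
SAMPLE_CSV = """site,email,password_changed
shop.example,jsmithonline01@gmail.com,2011-01-10
bank.example,jsmithonline01@gmail.com,2010-08-02
news.example,jsmith@oldisp.example,2010-03-15
"""

def load_inventory(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["password_changed"] = date.fromisoformat(r["password_changed"])
    return rows

def next_alias(alias):
    """jsmithonline01@gmail.com -> jsmithonline02@gmail.com, keeping the zero padding."""
    m = re.fullmatch(r"(.*?)(\d+)@(.+)", alias)
    if not m:
        raise ValueError("alias has no number before the @: " + alias)
    prefix, num, domain = m.groups()
    return f"{prefix}{int(num) + 1:0{len(num)}d}@{domain}"

def months_between(earlier, later):
    # Whole calendar months; the day of the month is ignored.
    return (later.year - earlier.year) * 12 + (later.month - earlier.month)

def new_password(length=20):
    # A fresh random password per call, so every site gets a different one.
    alphabet = string.ascii_letters + string.digits + "!#$%*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def plan(rows, current_alias, today, breached=False, max_age_months=6):
    """Return (alias to use, [(site, [actions])]) for one cleaning pass."""
    alias = next_alias(current_alias) if breached else current_alias
    todo = []
    for r in rows:
        actions = []
        if r["email"] != alias:
            actions.append("change email to " + alias)
        if breached or months_between(r["password_changed"], today) >= max_age_months:
            actions.append("change password")
        if actions:
            todo.append((r["site"], actions))
    return alias, todo

if __name__ == "__main__":
    print(plan(load_inventory(SAMPLE_CSV), "jsmithonline01@gmail.com", date(2011, 4, 5), breached=True))
```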

About the Author: 

James Garvey is a Principal Consultant for MATRIX Professional Services. He has over 15 years of consulting experience working with companies like Accenture, IBM (PwC) and several software companies. He is a technology enthusiast, spending his off-hours figuring out how to make things easier to use for his clients. You can follow James on Twitter @jamesgarvey or connect to him on LinkedIn.
