We’ve all heard about high-profile politicians, celebrities, and business leaders who’ve had their emails hacked and personal and professional details spilled online.
But famous people aren’t the only ones at risk of having their emails hacked. It happens to thousands of people each day.
For example, a CEO I know stresses security, as should the leader of any organization today. In fact, he cared enough to recently pay for a comprehensive enterprise security audit.
The good news? His organization was technically secure. With appropriate firewalls, encryption, and security policies in place, he learned his networks were reasonably secure, and he discovered some technical improvements that would make his systems even more secure.
The bad news? Many of his people were vulnerable to powerful social hacks, and not just his less-technical staff. The CEO himself was vulnerable!
Without knowing it, he gave his password away to a stranger during the audit.
Social hacking is surprisingly successful.
How could this be? The culprit is the ingenious social engineering that hackers have been employing with surprising success.
In his case, he received an email that appeared to be from his email provider or someone he trusts. The email asked him to update something in his account, and it provided a quick web link. Harmless, right?
The email was from a stranger. The CEO clicked the link and unknowingly entered his username and password into a third-party website. He did this once. He did it a second time. He even did it a third time. Three times!
Lucky for him, this rogue site was created by the security auditors he’d just hired, so it was harmless.
There’s a fix that goes a long way to making email and other accounts far more secure: two-factor authentication.
If you don’t have it turned on for your email account, stop reading this now and turn it on. If your email hosting provider doesn’t offer two-factor authentication, change your email to a provider that does.
Two-factor is powerful because even if a hacker has your credentials (and hopefully they never will), two-factor authentication requires a second temporary code, typically sent via a text message to your phone before you or anyone can sign in with a new device to your account.
In the case of this CEO, even if he entered his credentials into a rogue site, hackers wouldn’t be able to log in to his account. They wouldn’t have his cell phone to receive the temporary code. Two-factor also protects users who use the same password across multiple sites. Reusing passwords is by many considered a poor practice, but it’s far worse without two-factor authentication.
Security is a priority at Tiller… and Google
At Tiller, we’ve built our service around Google Sheets in part because of the security that Google provides. Google has made a significant commitment, visible and invisible, toward security.
Google’s chairman has said, and many agree, that their systems are more secure than those of the US government.
But have you enabled their best security features? To benefit from the full security toolkit that Google has created, and to leverage their strong commitment to security, you must use two-factor authentication.
I use two-factor authentication. My family uses two-factor. Everyone at Tiller uses two-factor. You should too.
To enable two-factor authentication with your Google or Gmail account, visit their two-factor site here: https://www.google.com/landing/2step/#tab=why-you-need-it
Beyond Google, many banks and most email providers also offer this feature. To find out who else supports two-factor, check this list: https://twofactorauth.org/