There are many events in 2015 that can teach us lessons of security, but the Ashley Madison hack has many, many lessons to teach us.
For those unaware, Ashley Madison was a site where you could schedule ex-marital affairs. In other words, it was a site for cheaters. You paid a fee and you could meet up and cheat on your spouse or significant other.
Well last year, Ashley Madison was hacked. And the hackers threatened to expose the names of all of their clients if the site didn’t get taken down. It wasn’t and the information was revealed to all.
So what are the lessons learned from the Ashley Madison hack?
Don’t reuse passwords
Seriously, with so many sites getting hacked, this one should be a no brainer by now. If you do any kind of business online, eventually a site you use will get hacked and your information will be taken. Not if, when. If you use the same password for everything, then it won’t take much for someone to figure out that your Netflix password is the same as you banking password.
Pick Secure Passwords
I can’t emphasize this enough (and I have spoken about it in 3 different posts so far). Pick a strong password. You can see a list of the most commonly used passwords on Ashley Madison at this site here. And these are not special to Ashley Madison. ‘123456’ ranks at the top of every one of these lists I come across.
If you need help picking a strong password, I created a video to take you through step by step how to create a strong password that is easy to remember.
Don’t rely on your host for everything
I often hear people say things like “I use a secure host and they handle my backups.” That’s great but what happens when the host doesn’t do what they say they do.
Ashley Madison had an extra service that you could buy. When you closed you account, you could pay an extra fee and have your entire account deleted. No record of your cheating would be left behind.
Except… they didn’t do it. Included in the revealed data was accounts of people who had paid to have their accounts deleted. These people paid extra and were still outed as cheaters.
Another reason not to rely on your host is that sometimes they can turn into your enemy. For example, a friend of mine had his host disable all of his websites. Some one had hacked one of them and made changes. These changes violated the Terms of Service of his hosting company, so they disabled everything.
He had to go through the effort of proving he didn’t do it, and all that time, his websites were down. That means no income was coming in.
With your own backups stored off your host, you can bring your websites back up anywhere else, even just temporarily, until you get everything sorted out.
Security isn’t something you can ignore, and it isn’t something you can let someone else completely manage for you.