White Hat Hacker And Other Security Tips To Protect Your And Your Employees' Data

Ngô Minh Hiếu served seven-and-a-half years in a U.S. prison after being convicted of running an online store that sold the stolen personal information of about 200 million Americans.

Since leaving prison, Hiếu has become a so-called white-hat hacker, attempting to protect the world from the sorts of cybercriminals he once was. As he and others have pointed out, it is impossible to create an impenetrable shield, but here are some of his tips for how you can mitigate your risks, along with some other practical online security advice.

Stop reusing passwords. It should be mandatory that all corporate passwords be changed regularly and never reused. Once a password is exposed in a data breach, cybercriminals often try it on other websites to see whether it grants them access and lets them take over an account or service. Consider an encrypted password manager. Further, while cleaning up passwords, delete any unused accounts, such as those for vendors you no longer use or those of former employees.

Whenever possible, use multifactor authentication (MFA), which requires a second, temporary code in addition to your password to log in to a site or service. Many sites send a six-digit code via text message or email, but the most secure method is to use an app that generates a numerical code on your phone that is in sync with an algorithm running on the site.
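How an authenticator app and a site stay "in sync" without exchanging messages, shown as an added example that is not part of the original article: both sides hold the same secret and derive the code from the current time using the standard TOTP algorithm (RFC 6238). The key below is the published RFC 6238 test key, and the `verify` function with its `window` and `last_used` parameters is an illustrative assumption about how a site might check codes.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, the common authenticator default
DIGITS = 6   # the six-digit code the article mentions


def totp(secret: bytes, unix_time: int) -> str:
    """Code the phone app shows for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, submitted, unix_time, window=1, last_used=None):
    """Site side: recompute the code for nearby steps to tolerate clock drift.

    Returns the matching step counter, or None. Passing the last accepted
    counter as last_used rejects a code that was already used (replay).
    """
    current = unix_time // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if last_used is not None and counter <= last_used:
            continue  # this step, or an older one, was already consumed
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


# Published RFC 6238 test key, used here as sample input (not a real secret).
RFC_KEY = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_KEY, 1111111109)             # phone generates a code
    step = verify(RFC_KEY, code, 1111111111)     # site checks 2 seconds later
    print(code, step)
    print(verify(RFC_KEY, code, 1111111111, last_used=step))  # replay attempt
```

Because the code never travels over SMS or email, there is no message for a SIM-swapper or mailbox intruder to intercept; what must be protected is the shared secret stored on the phone and on the site.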

Of course, clicking on a link from a text message, an email, or a search result without first thinking about whether it is secure can expose your network to phishing attacks and malware. Keep all software and security patches up to date and encrypt and back up your data every day. "A Former Hacker's Guide to Boosting Your Online Security" www.propublica.org (Jan. 27, 2022).


Beyond the steps above, employers can encourage their employees to take further measures to better protect themselves from cybercriminals.

Encourage employees to stop oversharing on social media. Much of the information needed by cybercriminals to steal your data is not stolen, but is voluntarily put on social media by their victims. If you do not want a particular piece of info about you on LinkedIn or Facebook, scrub your profile and double-check the platforms’ privacy settings to see who can access whatever is left. Those “fun” surveys about aspects of your life? They are personal data-mining tools.

Protect your phone from SIM swapping, in which a cybercriminal attempts to convince your mobile carrier to switch your number from a SIM that you control to a SIM that they control. The goal is to commandeer your phone so they can get around multifactor authentication settings that protect your financial accounts. To guard against SIM swaps, contact your carrier to establish an account PIN or create one online if you are with Verizon, AT&T, or T-Mobile. Moreover, if you switch carriers, change your PIN.

Finally, urge your employees to consider placing a credit freeze on their credit reports, which will restrict access so that no one, even the owner, can open a new credit line while the freeze is in place. Freezing and unfreezing your credit is free, but you must contact each of the three major credit bureaus separately to do it.
