The following is adapted from an article I wrote for the Spring 2010 issue of the newsletter of the Association for Conflict Resolution’s New England Chapter. My colleague Tammy Lenski and I were invited to offer our best advice to ADR professionals seeking to make the most of the web. Tammy’s article, “Top 10 tips for using social media in your ADR marketing plan“, which she has republished on her site Making Mediation Your Day Job, focuses on smart social media strategies. Mine looks at ways to play it safe in your online life to protect yourself in the real world. Thanks to abundantly patient and discerning editor Louisa Williams for all her hard work in bringing these articles to press.
* * * * *
“Have hot sex longer.” That’s not advice from Dr. Ruth Westheimer. That was the surprising private message (edited so as not to offend readers) I received from a contact on Twitter – a respected professional with a reputation to safeguard. Luckily for him, I did not take offense. I immediately realized what had happened: a digital vandal had hijacked his Twitter account.
As so many of us increasingly rely on the internet to communicate, transact business, and network, these kinds of incidents become more common. Fortunately, there are ways to be both safe and smart. Two categories of must-have protection can secure your online life: protecting your data and protecting yourself.
Data protection involves two steps: securing your files and your online accounts from unauthorized access; and backing up your hard drive and your online accounts in the event of software or hardware failure.
Following the hack of a popular web site, a data security firm analyzed user passwords to generate a list of the worst offenders, proving that far too many people use “123456” or “iloveyou” as easy-to-guess passwords. According to the firm’s CEO, “with only minimal effort, a hacker can gain access to one new account every second – or 1,000 accounts every 17 minutes.” Those are sobering figures.
To protect your (and your clients’) data, replace easy-to-guess passwords with unguessable ones. Online security experts recommend using combinations of upper and lower case letters, numbers, and special characters (such as ^, %, or *) to make it tougher for wrongdoers to access your accounts. Changing passwords regularly is also good practice – and mandatory if you believe an account has been compromised. It goes without saying that if you write down your password, keep that paper separate from your desktop or laptop, concealed from prying eyes. Also avoid using the same password and user name across numerous sites; hackers count on you to make that mistake. The challenge, of course, with having strong, multiple passwords is remembering them; you can find some great tips on the site WikiHow on “How to Create a Password You Can Remember“).
When it comes to digital data, Murphy’s Law applies: if something can go wrong, it will. Your hard drive crashes, a thief nicks your laptop, or a hacker targets your site. When it comes to readiness for such events, prepare as if disaster will strike. Make a list of all the online accounts and web sites you have. Then go through that list and ensure you have back-ups of everything you care about. Have a plan in place and everything you need organized and at hand so that if the unthinkable happens, you’ll be ready. Last summer, this is what kept my own brush with hackers who vandalized my blog from being an unmitigated disaster.
Back-ups aren’t just for web sites, by the way. You can back up your contacts and profile information on LinkedIn, or information on social media accounts like Twitter and Facebook. Of course, in addition to your online accounts, remember to back up your hard drive. The most cautious among us rely on external hard drives and flash drives, as well as online backup service, so that if anything happens to your physical equipment, your data remains safe on the web. Choices for online backups include Mozy, Syncplicity, and Carbonite, which work for both PCs and Macs.
The authors of negotiation classic Getting to Yes warn negotiators to “be trustworthy, not trusting.” The same wisdom applies to negotiating the web and your online relationships.
To protect a hacker from hijacking your online accounts, be careful where you click. Phishing scams abound on social networking sites like Twitter and Facebook. The misuse of URL shorteners such as bit.ly or tinyurl.com contribute to the problem. URL shorteners are great for reducing long URLs for quick copying into email messages or posting in online forums. For example, for a link to an article by Leonard Riskin on his famous Grid, I turned the unwieldy
But URL shorteners can also be misused by hackers to conceal the true identity of malicious sites. In the case of the poor professional whose Twitter account was hijacked, he made the mistake of clicking on a link he assumed was safe, allowing a scoundrel to gain control of his account and send offensive messages under his name. Before you click, use tools such as LongURL to reveal the actual site and protect your reputation. As one expert on online security warns, “Never assume a link is safe just because a friend sent it to you”.
Protecting your personal property and physical safety is important, too. People routinely announce their locations or vacation plans to their followers on sites like Facebook and Twitter, unwittingly signaling to web-savvy thieves their absence from home. One site, the pointedly named PleaseRobMe.com, monitors Twitter for such updates. Take care as well using sites such as TripIt, which allow you to share your travel itinerary with your contacts on networking sites – which is fine if you trust and know every one of them well (although read on, please, before you say yes).
The internet enables us to network easily. It’s human nature to be flattered when someone invites us to join their network or be “friends.” But too many people promiscuously accept invitations to connect, as I learned first-hand. I recently inventoried my own list of contacts on a popular professional networking site, conducting some online detective work on the ones I didn’t know that well. To my dismay, I discovered people stripped of professional licenses and one convicted felon, proving the enduring truth in the old aphorism “on the internet, nobody knows you’re a dog.”
The moral of the story: before accepting any invitation to connect, be sure you know whom you’re dealing with. This is particularly true with the business networking site LinkedIn, which urges users to remember that what counts is “the quality of the connections and not … the quantity of connections.” Ask yourself, would the person inviting you to connect be someone you’d be willing to recommend to others? If not, then decline the connection. ADR folks tend to be nice people committed to getting to yes, but don’t let your good nature get you into trouble. Just say no.
The best we can do is to welcome the opportunity to connect with others but remember to conduct our due diligence. As a former US president purportedly once said, “Trust, but verify.”