Woodshedding Data Security
Posted Date: November 08 2019
At our November 4 meeting, it came (back) to the forefront of my attention that we are solidly working in the Digital Age. As musicians, we wear many hats from performer to promoter, booking agent to barista, manager to merch specialist, and the list goes on and on. At some point in this chain, you’re going to be working from a device or interface that requires two important items. 1.) A username and 2.) A password.
Not only do we need to guard ourselves against Bad Actors in the digital domain, we may need to save ourselves— from ourselves— because mistakes happen. As professionals, we can’t afford to lose our data (sensitive or otherwise) or have it be compromised. We all know the pain and hassle of having a credit card stolen. If you lose access to your email, website, or social media, there isn’t a “number on the back of the card” that can quickly set things right. I’ve put together a quick list of best practices that are pretty easy to implement. While some of these may seem like a hassle, they could ultimately save you hundreds of hours, thousands of dollars, and allow you to recover from a data breach or loss much more easily and efficiently.
Passwords
I know we have a lot to remember, and passwords can be a hassle, but they SHOULD be a hassle.
-A “good” password should be at least 16 characters long and use a mixture of capital and lowercase letters, numbers, and special characters.
-Try to use a phrase in place of a complex jumble of letters, numbers and symbols.
-A long password or passphrase that is easy to remember is much more secure than a short, difficult to remember password.
-A good password should NOT contain anything that might be associated with you (birthday, children or pet names, car make/model, instrument).
-If it’s an option, allow the use of multifactor authentication (such as sending a text to your phone) to complete a login.
Do NOT use the same password over and over. Since our login username is most often our primary email address, make sure every password is unique. If a Bad Actor gets the ONE password that you use for email, social media, your website, etc. they now have access to all of those.
Most computer operating systems, iOS devices, and password management software, can automatically generate strong passwords and save them for you. This makes life much easier. If you can unlock a computer or iPhone with one really solid password/passphrase, that’s all you need to do. Let the operating system or the management software do the rest.
Recovery Email
Some of us have one email account that is used for all correspondence, and some of us have different email accounts for personal, work, junk, etc. No matter what you do, you should set up a Recovery Email address. This is going to be an email that is For Emergencies Only. You don’t send anything from it, you don’t give it out to anyone, you don’t type it into any web forms. Make a strong password for it, and store it somewhere safe. Let’s suppose you have one email address to rule them all, you’re on a friend’s or public computer, and you enter the wrong credentials too many times. You’re now locked out. Many email hosts, website hosts, social media platforms, cloud services, etc. allow you to designate a recovery email address and in this precise instance, you get to use the fancy new recovery email address that you have waiting in the wings for just such an occasion. I am constantly amazed at how hard it is to get to any kind of Real Person for tech support from all of the tech companies, and it’s very common to abandon the account you’re locked out of and to start from scratch. This can mean lost data, hours of productivity, lost money, or all of the above.
Redundancy
Stuff breaks. All the time. Always at a critical moment. This applies to data such as recording session files, contracts, photos, copyright documents, and anything that you are pretty sure you’ll never touch again, but there’s a very outside chance you may need to revisit it. Backup your data to multiple secure places. Data that is backed up is not accessed on any kind of regular basis. It sits there, collects a bit of dust, but it’s there when you need it. As many of us are DIY’ers, I highly recommend backing up data to your local computer (the one you work from regularly), two external hard drives (that are kept offline and in different locations), and a cloud service. If all physical media gets trashed, you’ve got something in the cloud to cover you. If you get locked out of the cloud, you have physical media. There are numerous software options to easily make backups of your data on a set schedule.
Access for Friends or Family
This is something to think about as documents and sensitive content are becoming exponentially more digital and there are no hard copy backups. We ought to keep an up to date hard copy list of usernames and associated passwords for email, social media, cloud services, websites, etc. somewhere safe. This is another For Emergency Use Only situation. In the event something were to happen to me, the LAST thing my wife should have to do is plead with a social media company to take down my profile. On the more practical side, access to credit card and banking websites will make your family’s life easier, as will access to PayPal, SquareCash, Venmo, and Zelle. It shouldn’t be a monumental task to close accounts for the deceased, but most offer a way to close an account independent of a death certificate if you have the login credentials.
On a far more uplifting note, and as the holiday season approaches, I hope you are all healthy and safe, and I wish you the best for the new year.
By Executive Board Member, Pat Harris