Security Best Practices for Collective Digital Studio Talent - 2016

  • January 13, 2016
Infosec

With YouTubers becoming larger celebrities every year, 2016 has started off with a hacker group getting access to YouTuber’s social, financial and management account and sharing their data via their Twitter feed. This obviously has some of talent very worried. Theories were flying: “They must have cracked 2-factor authentication!” “No, I bet the MCNs are getting hacked.”

The following is a note I sent to all of our creators regarding best practices for securing their accounts and I thought it was a good summary for everyone, including and especially Collective Digital Studio talent, so I figured I would post it here on my blog to share the info and to give people a taste of how we help our awesome talent throughout the year.

CDS Creators —

The new year is always a good time to review and update the security on your various social accounts and 2016 is no different, especially with the recent attention YouTubers have received from various hacker groups. I’d like to go through a few best practices that everyone should do, but first let me assure all of you that CDS takes security very seriously and we do everything we can to ensure your private information remains private. As for the recent threat by hacker groups, let me say clearly that no one has broken 2-factor authentication nor is there any evidence that they have hacked any MCN. It is clear, however, that they have successfully hacked many individual accounts for various MCN dashboards and social accounts like Instagram and even PayPal. To protect your accounts from hacks like that here are four things you can do right now to make yourself a harder target:

Always use 2-factor authentication.

2-Factor authentication, where your phone is required when logging in to a new computer, can be annoying at first but it is the best way to protect against people getting access to your account. Passwords can be guessed, or someone might just accidentally give it to them (though, we at CDS keep your password so secure that we don’t even know it). In those cases, a hacker still couldn’t access your account unless he also had your phone.

2-Factor Authentication is available on your Google account, but also Twitter and Facebook. We strongly recommend you use it wherever available.

Change your password regularly.

You should rotate your password at least once a year and the start of a new year is a great way to easily get in the habit. Be sure to use a secure password that is ideally not just a word and is long enough to make guessing difficult. There are several good password generators out there if you need help generating a secure password: passwordsgenerator.net

Use a different password for each site.

I know. This might sound like a huge pain, but having a different password for each site is a great way to make your online life more secure. This is important because if someone does get access to one of your accounts, they won’t immediately be able to try the same password on everything else you use.

Password management software can be a big help with this one (as well as #2) and there are really good free options available, like Last Pass: https://lastpass.com/

Review which apps and sites have access to your accounts.

Another way for people to gain access to your data without the need of a password is to simply ask for it. It’s true! Think of every app you sign in with Google, Facebook, or Twitter asks your permission for different parts of your account data. That’s usually a good thing and makes the apps useful, but even good apps can become bad partners and it’s important that you know who else can see your data or post to your accounts. Luckily each major provider supplies lists for you to see which apps you’ve approved and give you the chance to remove them. We strongly suggest that you review these list regularly, especially if you think something weird is happening on your accounts.

Google / YouTube

Twitter

Facebook

Thanks for taking a moment to talk about something that may not be as exciting as the great content you all produce every day, but is critical to ensure your content and earnings are safe. If you have any questions about this or anything else related to security, please reach out to your talent manager and we’ll do our best to get you an answer as soon as possible.

Mike Flynn, Chief Technology Officer @ Collective Digital Studio

Related Posts

Thoughts on Apple Bloggers and Vision Pro Coverage

I posted this on Mastodon, but I figured I would cross-post it here as well. I wonder if we’re headed for a weird place with the #Apple Blogosphere (AKA the Apple Blog Mafia). All of the main players are talking about Vision Pro all the time and saying things like “I lose track of time in here!

Read more

The Simple Pleasures of a Mobile Office Whiteboard

I’ve built a lot of stuff for my home office over the last few years of working from home, but my current favorite is something so simple: A custom rolling whiteboard A couple of weeks ago I gave myself a Saturday challenge to take my existing old whiteboard and build a rolling stand for it only with materials I had in my workshop.

Read more

I Made Myself a JARVIS Over the Weekend

With some spare parts, a USB speakerphone, and my Home Assistant server, I was able to make a competent JARVIS for my home office over the weekend…and the exciting part is that it’s only going to keep getting better! Last year was the “Year of Voice” for Home Assistant, the open source home automation platform, and the team accomplished a ton of work that enables Home Assistant users to make their own voice assistants.

Read more