Congratulations! Your post went viral and the followers are rolling in. Brands are reaching out for sponsorships and you’re feeling excited. What now?
You’re probably figuring out what ad rates you should charge and looking for an agent or a manager. But you might also be feeling a bit nervous about the newfound attention, especially if you’ve started to see some negativity and trolling in your comments. While you know you can’t please everyone, you may be wondering what you can do to protect yourself just in case one of those trolls decides they really don’t like you.
We’ve drawn on our experience in cybersecurity and defending against online harassment to put together this guide. It contains some of the most important steps you can take to keep yourself safe from hacking, doxxing, and other attacks associated with being popular online.
Your accounts are valuable now. That means your account might be targeted by hackers for ransom, extortion, or takeover. The #1 way hackers get into accounts is by finding passwords you’ve used in the past and trying to reuse them. Hackers might also try to guess at your passwords if they aren’t unique enough, or are based on discoverable information from your life such as the names of pets.
One of the best ways to keep your accounts safe from hackers is to use long, unique passwords for all of your accounts, and the easiest way to make and keep track of those passwords is with a password manager. A password manager will generate and store strong passwords, keeping your account safe without stressing you out about remembering a bunch of complicated passwords.
There are a lot of password managers out there, but we’ve found that 1Password and Bitwarden are the best in terms of security and user experience. If you’re already using the Chrome, iCloud Keychain, or Firefox password manager functions and they work for you (and let you use unique passwords), keep on using them. Whichever password manager you choose, make sure you create a strong master password you don’t use anywhere else.
Once you’ve set up a password manager, use it to generate strong passwords for your accounts. Start with your email, social media accounts, financial accounts (especially those that are linked to social media), and accounts you use to log into other accounts (such as iCloud). Eventually, move all of your accounts into your password manager, changing passwords to fresh, strong, unique ones as you go.
Two-factor authentication (also known as 2-step verification, multi-factor authentication, 2SV, 2FA, or MFA) is a second step you need to complete before you sign in to an account. If you’ve ever gotten a text on your phone with a code after entering your login info, that’s two-factor authentication.
Two-factor authentication protects you if someone is able to discover your password or uses a phishing attack to trick you into entering it on a look-a-like site. Without that second code sent to your phone, an attacker won’t be able to get into your account.
Text messages (SMS) are usually the default option for two-factor authentication, but they have some drawbacks. We recommend using an authenticator app on your phone like Authy or Microsoft Authenticator instead. You can also use the authenticator app functionality built into some password managers.
A lot of sites suggest using Google Authenticator for two-factor authentication, but since Google Authenticator doesn’t provide backups on iOS, we don’t recommend it. When a site suggests using Google Authenticator, the apps we suggest will work just as well as they use the same mechanism to authenticate.
Similar to SMS-based two-factor authentication, you’ll register your authenticator app on each of your accounts: in your account settings, you’ll see a QR code that you scan with your authenticator app. The app will then generate a six-digit code that you’ll enter on the site. In the future, after you sign into that account, you’ll enter a code from your authenticator app to prove that it’s you.
Other great options for two-factor authentication are backup codes and physical security keys.
If you’re in the US, your home address is probably on the internet for anyone to find thanks to people search websites (also known as data brokers). Thankfully, it’s easy to remove yourself from them. While there are dozens of people search websites out there, start with BeenVerified, Intelius, WhitePages, Nuwber, Clustrmaps, and PeopleFinders. Yael Grauer maintains a comprehensive list of these broker sites.
Opting out can be a time-consuming process, but it’s worth it — especially if your real name is widely known online. If you’re feeling overwhelmed, you can pay for an opt-out service instead. We like Optery, Kanary, and DeleteMe.
If you’re planning to set up an LLC or any other type of company, getting a mailbox is critical: corporate records are public, so any address you list on them will be visible on the internet. We highly recommend you get a mailbox and avoid using your home address for any business records, especially for the addresses of your officer/director or registered agent. People often use PO boxes, but we recommend a UPS mailbox or private mailbox (PMB). UPS mailboxes and PMBs function as a street address and can receive all types of mail, whereas PO boxes only work with USPS-delivered mail. Some PMBs have additional features such as online interfaces that show scans of your mail and mail forwarding. PMBs can be a bit more expensive, but we think they’re worth it.
You can get a UPS mailbox at most UPS stores. There are a bunch of PMB companies out there, and which one you should choose depends on where you live. We like VirtualPostMail and Earth Class Mail the most because of their slick online interfaces.
These same issues apply to any phone number you list in business records – another reason for our next recommendation!
Brands need some way to reach you, and if you don’t have an agent, they’ll need to contact you directly. While your social media DMs can work at first, we recommend against using your personal email and phone number when working with brands, because you’ll likely want that information public and easy for companies to find. Instead, we recommend setting up a dedicated email address, such as [yourname].email@example.com and a Google Voice phone number or business line through a service like OpenPhone. It’s also worth registering a domain name and setting up a basic personal homepage that links to your various social accounts; this helps make sure your own content is at the top of search engine results for your name. Services like SquareSpace make this easy, and you can also set up custom email addresses (like business@[yourname].com).
Whether you consider yourself an influencer, a content creator, a micro-celebrity, or you just want to improve your security posture, we recommend you take these steps. You may need to take further actions to keep your information secure or private if you’re frequently targeted online or have a rapidly expanding audience, but by following these tips, you’ll protect yourself from common online attacks.
Are you a content creator looking for a hands-on evaluation of your security and digital footprint or just interested in learning more? Contact us or sign up for our newsletter.