If the CIA Director Is Hacked, Is Anyone Safe?

This case is a reminder of critical security lessons that anyone can follow, and anyone can forget.

A computer criminal called the New York Post last week to say he’d hacked into CIA Director John Brennan’s personal AOL email account.

Once you get over the shock that the director of America’s intelligence agency was using an AOL account, you’ll realize that the elements of the attack sound all too familiar. Wired’s Kim Zetter reported that the hacker told her he’d tricked Verizon into divulging Brennan’s personal information by pretending to be a Verizon employee. Armed with those personal details, which reportedly included the last four digits of a bank card, the hacker and his partners went to AOL, fooled the service’s “forgot your password” function, and used it to repeatedly reset the password and hijack the account.

Making matters much, much worse: Brennan had forwarded some sensitive (but not classified) information from his work email to his personal email. The hacker said he found a spreadsheet with Social Security numbers, for example.

Sure, this story is embarrassing and perhaps even worth a giggle (the CIA director was using AOL?). But there are serious lessons to be learned.

“Forgot your password” is every hacker’s favorite tool

We’ve known this for years. People forget passwords. When they do, there must be a way to recover or reset the password. This method is almost always less secure than the login credentials. The hurdles to reset the password turn out to be something the company knows, and something hackers can learn. Pets’ names. Old girlfriends’ names. At the sophisticated end, the name of your mortgage holder. Or in this case, payment card details. All discoverable.

The lesson for you? When you set up an account and a company asks you to supply answers to those annoying questions, take an extra moment to make it hard on a hacker. Can you make it impossible? Probably not. One trick smart security professionals employ is to lie in their answers (say your first car was an AMC Pacer when it was a Ford Escort). You have to remember the lies, of course, but lies are a lot harder to discover through traditional research.
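On the service's side, the repeated password resets described in this case leave a pattern that can be checked for. The sketch below is an added example, not part of the original article or any provider's code; the log format, field names, account names, threshold and time window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs).
# Assumed format: "<ISO time> <account> <event> <verification method>"
SAMPLE_LOG = """\
2024-01-08T09:01:00 alice reset_completed email_link
2024-01-08T14:10:00 jdoe reset_completed security_questions
2024-01-08T14:55:00 jdoe reset_completed security_questions
2024-01-08T16:20:00 jdoe reset_completed card_last4
2024-01-16T08:00:00 alice reset_completed email_link
2024-01-17T11:30:00 bob login_ok password
"""

def parse(log_text):
    """Yield (time, account, event, method); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, event, method = parts
        yield datetime.fromisoformat(ts), account, event, method

def flag_reset_bursts(log_text, threshold=3, window=timedelta(hours=24)):
    """Return accounts with `threshold` or more completed resets inside
    one sliding `window`, with the verification methods that were used."""
    recent = defaultdict(deque)   # account -> resets still inside the window
    flagged = {}
    for ts, account, event, method in sorted(parse(log_text)):
        if event != "reset_completed":
            continue
        q = recent[account]
        q.append((ts, method))
        while ts - q[0][0] > window:   # drop resets older than the window
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = {
                "first_reset": q[0][0],
                "count": len(q),
                "methods": sorted({m for _, m in q}),
            }
    return flagged

if __name__ == "__main__":
    for account, info in flag_reset_bursts(SAMPLE_LOG).items():
        print(account, info["count"], "resets via", ", ".join(info["methods"]))
```

An account flagged this way is a candidate for locking the reset path and contacting the owner through a channel that does not depend on the answers being guessed.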

Work and pleasure mix — they just do

Everybody forwards work emails to their personal email address. Don’t lie. (Sorry for the ambivalence on that one.) It’s just too convenient. It’s too easy. With very rare exceptions, companies encourage employees to bring work home, to bring their own devices, and yes, even their own email addresses to the job. It saves money and gains them productivity. This problem is most clear in the BYOD world, where your iPhone basically becomes company property once you start reading emails on it.

Companies that don’t want their secure information finding its way onto AOL email have to invest in serious technology to forbid it. They also have to let workers leave their work at work. No personal laptops. No quick logging in from home. No, “Oh my work phone is dead, I’ll just use my personal phone this one time.” Until companies are willing to make that investment, things like this will happen. Even to the CIA director.

Those @#$%^& attachments

They are the source of so much trouble. Attachments are the main delivery mechanism for virus attacks that infiltrate companies. Spear phishing emails with fake resumes or spreadsheets lead to corporate espionage. And yes, it’s easy to forward a spreadsheet of Social Security numbers from some HR database to a web-based email account. And then, holy heck can break out. If you are CIA director, you end up being the lead story on the “NBC Nightly News.” If you work in human resources, something much worse can happen — you could lose your job.

The lesson? Treat attachments like fire. Or maybe like firecrackers. They can be useful, but it is very dangerous to play with fire, and they will almost certainly explode on you at some point. Use attachments sparingly, if at all.

It can happen to anyone

Here is yet another example proving that even people whose lives and careers depend on security have lapses in judgment. Really? The CIA director getting caught using an AOL account to store sensitive, if not Top Secret or Classified, information. You can be secure and make smart choices 23 hours and 59 minutes a day, but it only takes a momentary lapse of reason to make a big mistake. So consider this story, think, “There but for the grace of God go I,” and then keep your guard up.

What’s your take on the CIA director’s security breach? Share with us in comments below or on our Facebook page.

Stacy Johnson
