It always happens to me in one of two situations: on a shoot at the end of a tortuously long day, or a day like today - in the frantic run up to the film festival when the entire team is multitasking their tits off, and the pressure starts to tell when wear and tear on nerves, muscles and manners starts to show; we was hacked, or a hard drive goes down.
There are lots of services out there that can help when disaster strikes, but they are costly and time-consuming. following a few basic rules could save you heaps when the chips are down.
Before we start, I need to ask you a few questions:
When was the last time you backed up your computer and website?
Are you like some of my mates who never back anything up? A lesson I've learned the hard way is to ALWAYS back up. You just sleep better. remember that in today's modern world there are dozens of ways you can get hacked or have a hard drive fail.
If all your hard drives failed, could you get your movies back?
Here's a horror movie for you: You wake up, start work and plug in the hard drive you were losing last night. It fails. And so does every other hard drive you possess. You take your computer and drives to your local computer store and they tell you that there is nothing you can do. Could you get your showreel back? Your movies?
Suppose your blog and social media accounts were hacked?
This happens every few months it seems at Raindance. We get service denial attacks which crashes our website and emails. It's because of some of the programming choices we make at the festival, and of some of the controversial filmmakers we support.
Suppose you notice that your website is under attack. Sometimes it's quite harmless - here's what's happened to Raindance: they just replace your homepage, or redirect your website to Disney. Other times the hacker gets inside your website and starts deleting files maliciously as quickly as they can. If this happened to you, would you know what to do?
Did any of these questions make you scratch your head and go "don't Know!" Chances are you are going to be pretty damaged by a hack or hard drive failure.
A Filmmaker's Guide To Being Hacked
1. Back up your files to several different external locations.
I feel a bit like a nurse at a primary school here but you should really back up EVERYTHING in two different geographical locations: like home and your office. I'm MAC based and use Time Machine. I also back up to an external hard drive and and the online cloud service Dropbox.
I hate thinking about worst case scenarios, but suppose suppose suppose - your home gets burnt to the ground. If you haven't backed up, you'd lose absolutely everything you ever did.
I'm putting my school nurse hat on again: You really have no excuse. a 1 Tetrabyte hard drive costs less than fifty quid. Get two, and use them.
2. Keep up to date.
Hackers love to exploit out of date software. Keep your websites, scripts and anti virus software are kept up to date particularly with WordPress. Make a note of all websites that use scripts, databases, php, etc and you should have no issues. If you have any doubts, watch this amazing TedTalk on hackers:
3. Backup your websites on a regular basis.
Once a week back up everything on your website. Be paranoid. what if your website magically disappeared. How would you regain it?
4. Every time you update your website or software product, back it up.
every time you release something new, or update a programme, back it up. Some use a program called WP Twin for WordPress sites like Raindance which basically copies the whole site and creates a downloadable file which you can store anywhere you like. So literally everything on the site is backed up, the files, the settings, the members, the pages. Everything.
5. Use more than one back up service.
More planning for a worst case scenario. suppose one of your backup FTP servers goes down or is hacked. Wouldn't you rest easier knowing your data - you know - all those hours and hours of sound and picture files, the EDLs and more are safe and sound somewhere else?
Blogger John Thornhill has written a really great article on preventing hackers from messing with your stuff. His advice on backup tools and services are invaluable:
Have a look here:
Back up Tools & Services That I Use by John Thornhill
Time Machine & Time Capsule.
The time capsule is the physical hard drive which connects to your computer via wifi, and time machine is the software on my Mac that sets up everything to automatically back up, every single hour of the day my computers are backed up. So I can go back to specific hours of specific days to get work back that I maybe messed up or lost. It can be very easy to accidentally delete something, so it is always nice to know that if you do, you can go back and get whatever it is you’ve deleted. And of course all of my files are backed up to Dropbox too.
Windows Back up & File Back up.
If you are using a windows machine, then their operating systems have automated back up features and file restoration software built in, so check you user manual or set up guide or simply Google how to set these up. I find they do not work as well as the Mac versions mentioned above and they are missing some features of the Mac versions, but they serve their purpose nonetheless.
Online Backup Services.
As I mentioned before there are tons and tons of online back up services, just search Google and you’ll find plenty to chose from, I’m afraid I can not recommend any of them other than Dropbox as that is the only one I have used but there are tons of services that will automatically back up your data.
External Hard Drives.
External hard drives are cheap and easy to come by and are invaluable when it comes to keeping your data safe, I would advise you back up to at least 2 of these and possibly more if you can afford them. Also try to just use your external hard drive for back ups only, for example, I have a lot of my music on an external hard drive but separate to the hard drive I use to back up. Just use back up hard drives for back ups only, and maybe even keep it labelled so your family or friends know not to use it for anything else.
You can create a folder called ‘backups’ on one server and copy everything over from your other server to act as a back up. This won’t do any harm what so ever and most hosting companies will include more than enough file space. You could also use Amazon S3, I use Amazon S3 to store my videos, so they are already sort of backed up as they are on Amazon S3. Google Drive is also another option.
Security Tools & Services That I Use
Sucuri is an online alert system and protection system, you can set it up to alert you if anything bad is happening or even totally lock your site down if something very bad is happening. I have also now set it up so that on some of my sites, my members have to go through a Sucuri proxy server before they can access my sites. So Sucuri can monitor the traffic that goes to that site and if any vulnerabilities happen or anything bad starts to happen, they can stop it straight away. They can also repair any damage that may get done to your site and any vulnerable spots where hackers may be able to get in. Sucuri isn’t cheap but for the peace of mind it brings it’s worth every penny.
Wp Twin is a service for WordPress sites, that when set up, can clone your whole site, so that if you needed to you could simply deploy the clone, and absolutely everything on the site will be as it was when it was cloned. WP Twin turns the clone into a file which you can download and store wherever you like, as I mentioned before I clone my important sites once a week or whenever I make a big change and I have all of the separate clone files saved with my back ups.
You don’t need me to tell you that you have to be very careful when it comes to using passwords, however I know that a lot of people are not security conscious when it comes to using passwords. Here’s some tips to make sure your passwords stay safe.
With so many passwords to remember I’d be lost if I didn’t use a password management service. 1 Password is a cross platform piece of software that I have on all of my devices, which can save your login details for websites which then get encrypted and stored on a secure server. It is a great password management tool and I would be lost without it. Having a system which can save all of your passwords in one place is invaluable and is certainly easier and safer than carrying a little black book with all of your password and details. However, I never use any password management system for my most important logins such as Paypal, banking, eBay, Facebook, etc. All of those passwords are stored in my head and no one else knows them.
Don’t share passwords.
This should go without saying, but do not share your passwords with anyone, this applies to everything from bank details to Facebook passwords. No matter how well you know or trust a person you should always be weary about sharing passwords and details with them. The primary reason is that if you’re sharing details with someone via email, it can be very easy for someone to intercept that email and learn your login details. If you absolutely have to share passwords and details with someone, try not to do it over email and try not to mention what the details are for in the same document. E.g. Don’t say, “Hi Bob, here are my details for [site name].”
If I have to do this I generally send the username via email and the password via text message.
Use different passwords.
Try to use different password for all of your sites, or at least for all of your very important sites, I am not going to ask you to memorise 100 passwords but having different passwords for everything means that if someone managed to learn your password for one site, they wouldn’t be able to use the same one to access another site, and you can be dammed sure they’ll try.
Use strong passwords.
Passwords like qwerty123 and pass1234 are close to useless, anyone trying to access your stuff is bound to try those sort of passwords first, now obviously you’ll never be able to remember a 20 digit password with symbols, lower case, upper case and numbers, but try to use words and phrases that are unique to you or just totally random words, as long as you’ll be able to remember it if you need to.
Use a 2 step login process. (Also known as 2 step Authentication)
This is something I am starting to see more and more of, a 2 step login process will ask you for your password and then it will ask you to confirm a passcode via a text message sent to your cellphone. Google uses this service if you try login to Google on a new device, it will ask you to enter a passcode that will be sent to your cell phone number. Thereby ensuring that it is indeed you who is trying to access your account. Microsoft are also doing this sort of thing now and a lot of the big companies are starting to use similar systems. Facebook has a similar system where you need to enter a code from the Facebook app on your cell phone if you login on a new machine. It’s all very clever and adds a high level of security. Now obviously you don’t want to be doing all of this every time you log in to these sites from the same devices but it is good for that added security if someone was to try to access your account.
In conclusion, what I want you to take away from this blog post is that it is always wise to imagine the worst case scenario when it comes to online security, never think that it wont happen to you and that no hackers would want to target you. Ask yourself ‘what if’. What if your sites disappeared? What if your computer was destroyed? What if that important password was hacked.
Never click links in emails.
Tons of hacks occur from phishing emails. This is where an email looks like it’s genuine but isn’t. That email telling you your bank account has been compromised probably isn’t real but even if it were you should make it a habit never ever click a link in an email to login to any website. Always type the address in your browser to be sure.
Finally, you haven’t won the Microsoft lottery and the King of Nigeria isn’t going to send you $1000,00000,00000 if you reply to his email.
And to be honest if you fall for stuff that you have no chance of staying secure online.
By taking common sense precautions and becoming more vigilant hopefully you’ll never go through the distress a hacking scenario can cause. I guess you know most of what I have covered but if I have made you be a little more aware then I have done my job
I’d love you to share your comments, tips and experiences so if you can add anything to what I have already covered please share your experiences.