Internet security and privacy are deeply connected and important to your safety. Here are 17 tips to help you stay safe and secure in podcasting.
1. Prioritize your privacy
Transparency may seem great online, but this could be at the cost of your own privacy. Listen to my previous episode, “How to Protect Your Privacy While Podcasting,” for more information.
2. Maintain reasonable ownership
As much as possible, ensure you own or at least have significant control over the most important parts of your podcast:
- RSS feed—Do you own the URL? Can you redirect it whenever and wherever you want? Is the URL reserved so no one else can steal it?
- Domain—Always point people to your own domain, even if it merely points to somewhere else when you're starting out.
- Hosting—You could have more control by leasing a VPS or dedicated server. However you host your website and media, keep backups so that you can more easily move, if you must.
3. Use secure passwords
Weak passwords are one of the easiest ways for “hackers” to access anything. Generally, the harder a password is to speak, type, and remember, the better it probably is!
Secure passwords should be:
- Long—Use the maximum number of characters a site or service will allow
- Contain a mix of characters—Use numbers, uppercase and lowercase letters, and symbols
- Avoid anything from a dictionary—Words are easy to guess
- Not include anything personal—Birth dates, names, places, and such can all be figured out
The only passwords you need to know are the ones you must enter without a password manager. For example, your mobile device's password, your PC's password, or your password-manager's password.
4. Activate two-factor authentication everywhere
Two-factor authentication (often abbreviated “2FA”) is when a second device or method is required for authorization. This could be a link or code sent through email, SMS, postal mail, phone call, or other notification.
With 2FA, logging into a supported site or service on a computer would require not only the username and password, but also a code either generated by a different algorithm and available only on another device, or something sent to another location.
5. Make up answers to security questions
Darwyn, from Dealing With My Grief Podcast, commented on my episode about privacy:
One thing that I do to protect myself when setting up accounts, is to never use true information for the security questions… For example, if one of my security questions for the account is “What's your mother's maiden name?” or “Name of your first school?” my answer might be something like “Applesauce.” The information doesn't have to be true, just something to which you can provide the correct answer. With things like classmates.com, ancestry.com or a Google search, it's very easy to find the real answers to these questions.
You've probably seen those additional security questions that you can choose or customize. “Where were you born?” “What was your first car?” “Who was your first crush?” And so on. While some of these may be things only you know, it's probably more likely someone else could figure them out, especially with how transparent social networks make us.
Usually, the answers don't actually have to be correct or even make sense. The answer could even be another secure password!
Be careful with things like birth dates, as some services may require a photo ID at some point if you're locked out of your account. If the dates don't match, you could face a hard time.
6. Use password-managers
My previous three tips focused on securing your logins. That can be very difficult when you have only your memory to guide you. Thus, I fully recommend using intelligent password-managers to create, secure, and prefill this information for you.
For password-managers, I recommend LastPass and 1Password.
For two-factor authentication, I recommend Authy (which uses Google Authenticator), LastPass Authenticator, or 1Password.
These tools will manage all your secure passwords, encrypt and store them securely, and protect other secure information (such as those fake answers to security questions).
7. Back up regularly (and redundantly)
Accept this fact: the universe isn't perfect and, at some point, something important will fail. This is why it's so important to back up all your important stuff (if not everything).
Consider backing up:
- Your computer hard drive (at least your important data on it)
- Your mobile devices
- Your podcast episodes
- Your website files
- Your website database(s)
Think of it this way. If a nuclear bomb went off where you store your data, do you have a backup somewhere?
For WordPress backups, I recommend BackupBuddy.
For PC backups, I recommend BackBlaze as your remote backup and an external hard drive for local backups.
8. Archive instead of deleting
What happens to podcast episodes after they die? Keep an archive of all your podcast episodes, even if it's only the MP3s. I've worked with some podcasters who had lost their episodes and had no way to recover them.
When you finish with a podcast episode, I recommend you compress the episode folder and archive it somewhere safe and secure. My current favorites are BackBlaze B2, Amazon S3, and Amazon Cloud Drive (my current choice). You could also use a spare hosting account, if that's acceptable use of their service.
9. Update frequently (and upgrade when you can)
WordPress, website plugins, apps, and many other tools release frequent updates. I'm not saying you need to upgrade to the latest versions, but I do think you should stay updated with the latest patches.
For example, an operating-system upgrade may be too risky with older hardware and software, but you should keep that operating system version as updated as possible with all its security patches.
You should do the same for your website, too.
The latest upgrades will usually be more secure, so it's best to upgrade when you can.
10. Share login access smartly and rarely
Many sites, services, and people may require access to your other accounts. As much as possible, avoid outright giving usernames and passwords—especially to fringe social-media tools.
Use APIs or OAuth (authenticating through a service instead of giving your login) as much as possible when one thing needs to access another.
If you must share login access with another person, use a password-manager to share the login without exposing your password. You could, instead, make or authorize an additional account for temporary access.
For example, make another admin account if you need someone to do something on your WordPress site. Then, when they're finished, you can delete the account or downgrade its access.
Or, someone might need to access your Google account (for YouTube, Google Docs, FeedBurner, Analytics, etc.). Instead of giving your username and password, authorize their Google account to access that thing of yours, or transfer the thing (such as a FeedBurner feed) to them (if you trust them).
And as much as possible, avoid sharing login access with anyone or anything.
Instead of logging into sites with a social account, I recommend creating a username and password for each site. This way, if someone gets access to your social account, they're not able to log in to a bunch of your other accounts.
Also be careful with what sites or services you connect to your social accounts, even if it's through API or OAuth. They may post without your knowing it.
11. Be cautious on public or unsecure Wi-Fi
You would be surprised how much information can be harvested over public or unsecure wireless networks. Ensure anything you log in to is done over HTTPS (you'll see “https://” in the address bar).
Another good way to protect yourself is by using a virtual private network (VPN) that allows you to encrypt and route your Internet traffic through somewhere else.
12. Secure your mobile devices
Mobile devices could be the weakest point in your security. Not only could they already contain sensitive information on them, but they could also be used to access your other secure accounts (with two-factor authentication). And because mobile devices are small and valuable, they're also big targets for theft.
So ensure your mobile device has the utmost security enabled: encryption, location-tracking, “bricking” or erasing after a certain number of failed login attempts, and instant-locking (instead of locking with a password after some time).
Beyond the digital side of the security, also be secure with the physical side. Protect your phone from damage by putting it in a protective case. If it's your two-factor authentication device, you wouldn't want it to be disabled when you need to log in! Also protect the device from theft by carrying it in harder-to-steal areas and not setting it out where someone could easily grab it and run.
13. Think critically
A whole bunch of disasters can be avoided by making smarter decisions. I can't say your gut will always be right about what or whom to trust, but when you feel like something is not right, do not proceed!
Here are some suggestions.
- If someone—even someone you trust—sends you a URL with no explanation, you probably shouldn't click on it.
- Don't give out personal information to companies calling you! If they claim to be from the government or a company you do business with, insist on calling them back through a number you trust.
- If something sounds too good to be true, it probably isn't true.
A little critical thinking can go a long way to protecting yourself! (And don't fall for those scams claiming to be the IRS!)
14. Monitor weak spots
There will always be potential holes in any system. So here are some ways to keep things in check, to alert you to problems, or to quickly fix things once they've been compromised.
- Monitor credit-card and bank statements to ensure you're not paying for things you didn't buy.
- Regularly re-evaluate OAuth and API access you've granted. This is usually in a section like “Applications,” “API,” “Access,” or “Connected Accounts.” If you don't use something anymore, revoke its access.
- Look for indicators of problems, such as sudden performance issues, which could indicate a brute-force attack; password-reset requests on your accounts; and other suspicious activity.
- Scan for malware on your websites to ensure no one snuck anything on through some security hole.
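One way to look for the brute-force and password-reset indicators mentioned above on a WordPress site is to scan the web server's access log. This is an added example, not from the original post; the log lines are constructed, and it assumes the combined log format and that a failed login on a default install re-renders the form with HTTP 200 while a successful one answers with a 302 redirect.

```python
import re
from collections import Counter


def _line(ip, sec, method, path, status):
    """Build one constructed access-log line in combined log format."""
    return (f'{ip} - - [12/Mar/2024:03:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "sample-agent"')


# Constructed sample data using documentation-only IP ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(8)]
    + [_line("198.51.100.4", 20, "POST", "/wp-login.php", 200),   # one typo
       _line("198.51.100.4", 25, "POST", "/wp-login.php", 302),   # then success
       _line("192.0.2.55", 30, "POST", "/wp-login.php?action=lostpassword", 302),
       _line("198.51.100.4", 40, "GET", "/feed/", 200),
       "malformed line that should be skipped"]
)

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def summarize(log_text, threshold=5):
    """Return (clients with >= threshold failed logins, reset requests per client)."""
    failures, resets = Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and ordinary page views
        path, _, query = m["path"].partition("?")
        if path != "/wp-login.php":
            continue
        if "action=lostpassword" in query:
            resets[m["ip"]] += 1      # someone asked for a password reset
        elif m["status"] == "200":
            failures[m["ip"]] += 1    # login form shown again: attempt failed
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return flagged, dict(resets)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A single failed login followed by a success is normal; many failures from one address in a short span, or reset requests you did not make, are worth investigating.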
15. Implement protections
Protections are important, but you can't always rely on them. The most common protections are:
- Antivirus—blocking and scanning for threats that can damage and spread
- Firewall—preventing unauthorized or suspicious activity from getting through (in or out)
- Malware-scanning—finding and eliminating stuff that shouldn't be there
- Denial-of-Service prevention—protecting against systems that will use brute force to crack a password or simply crash a server
16. Enable encryption
Think about your own computer. It may have a username and password required to use the computer, but what if someone connected the hard drive to a different computer? They may be able to access all your files with little or no problem. Encryption can prevent that.
Encrypting data will make it inaccessible without a decryption key. The latest operating systems usually offer advanced encryption technologies that will barely affect performance. On my macOS PC, for example, the decryption adds only a few seconds to my boot-up and an imperceivable delay on launching programs.
17. Find people you can trust
All of these methods for protecting yourself and your data are important. It's also important that you have a couple people you can trust with access to all of this. I think the first person should be your husband or wife. Additionally, consider trusting someone outside your family.
Think of the worst-case scenarios and take necessary steps to equip others to help in such cases.
What steps are you taking to keep yourself and your podcast safe and secure?
Thank you for the podcast reviews!
- Rudy (AKA “Biggrood”), host of Cascade Hiker Podcast, said in iTunes USA, “I have used soooo many tips from your show. Thanks for always answering my questions… even though I haven't ever asked you one! The show notes have been helpful in the past as well. My podcast, Cascade Hiker Podcast, has been gaining traction thanks to this show.”
Your reviews encourage me and they help other people find the podcast. If you appreciate the podcasting information I share, please write your own review on Apple Podcasts, Podchaser or Stitcher!
Disclosure
This post may contain links to products or services with which I have an affiliate relationship and may receive compensation from your actions through such links. However, I don't let that corrupt my perspective and I don't recommend only affiliates.
Hey Daniel, excellent episode with a broad range of tips on the topic!
I recently also published an article a bit like Darwyn’s about security questions, as one of the things that came out in the giant, recent Yahoo hack, is that they got the security questions. I was looking at mine, and noticed I did answer them honestly (way back when I set up the account), and likely used similar elsewhere. That’s kind of scary! I’ve been changing them everywhere I can find them, but it’s hard to do, and I might have missed some. If you don’t mind me leaving a link, some of my advice might be helpful as well:
Yahoo hack: Password management and the problem with security questions http://www.cgwerks.com/yahoo-hack-password-management-problem-security-questions/
I absolutely recommend password managers, and would add PasswordWallet by Selznick to your list. It’s been around since Palm Pilot days and is incredibly cross-platform and solid. But, the main reason I like it is that it can auto-type into non-browser applications (like terminal window, which I use a lot).
But, whatever app you use, you want to be sure to be able to control the data file. Back it up, archive it… keep extra dated copies of it, etc. That’s one file you absolutely don’t want to lose (or corrupt, or make a mistake in)!
Also, be sure to have off-site backups, as you might not have time to grab a backup disk if you have a fire, natural disaster, etc. I have a story about a business nearly wrecked by that kind of thing in my article.
Your advice was really good for point #10. I even go so far as to log in directly to Disqus, Facebook, etc. if I’m going to use them for 3rd party site comments. You never know when logging in directly could be compromised, and most people don’t know how to tell. It creates a pretty easy phishing situation.
On VPN, people should also realize that with modern OSs, information gets exchanged even before you can establish a VPN connection (with most typical consumer software VPNs). For example, your Dropbox is going to try and connect/sync. Your Apple ID gets exchanged to try and sync calendar, address book, etc.
So, be as sure as possible to pick proper public WiFi services even if you use a VPN, and don’t just join anything you can find. And, certainly, get the VPN going before you do any additional work (like on your website, or logging into your bank).
And finally, if you don’t want to encrypt your entire storage (doing so makes some kind of work on the system harder), you can always create a disk-image (on a Mac: Disk Utility -> File -> New Image -> Blank Image. Generally the defaults are OK, except set the size to what you think you might use, the encryption to 256 bit AES, and Image format to Sparse Bundle Disk Image.)
You can then store sensitive things in there, even if the overall machine isn’t encrypted. And, that kind of image will grow as you use it (it won’t start at the size you set, though it won’t shrink either as you delete) and keep your info safe. Also, since it’s pretty hard to properly erase an SSD (like when selling a machine), keeping things in there (or a whole encrypted machine) fixes that problem, as the data is always encrypted.
Thanks for these tips. As a person who is just starting in this field, it’s always good to have some guidelines and suggestions, which can help prevent unfortunate events. I already saved this link for later when I get home so I could set everything up step by step and mark it on my checklist. I have to say I never thought that you could take so many steps to increase your security. Thankfully, I already practiced some of these, such as, for example, using Surfshark or LastPass.