In life as in business, we need to have contingency plans. That means backing up our back up and that means having a plan for when we expire. Nobody really wants to deal with that expire part. Nobody wants to address the fact that the clock is ticking. But you need to.
Being in the business of security awareness training, and having a relatively accessible (and some might say – high) online profile. I am contacted by a lot of people facing a number of different issues. Lots are victims of various crimes, both in the physical and virtual world, such as victims of stalking, or they claim their devices are being spied on, (often I think they might be legit paranoid), or they’ve lost money in some type of a scam, you name it. Sometimes I function as a “victims advocate” and I do have a soft spot for those in a bind.
However, there are a number of situations where I am simply not in a position to help. I may not have the resources, for example I can’t (nobody can) call Facebook and get your hacked account back, and I am not a boots on the ground detective in a position to intervene in whatever wire fraud loss you may be dealing with.
What I often do, is provide perspective, like, for example, if they were notified of a data breach, and their credit card is involved, they call me freaking out, and I tell them that doesn’t necessarily mean their identity is at risk because credit card fraud is not the same thing as your Social Security number in the hands of criminals and so on.
Sometimes people just need a little “talking off the ledge” and engage with an expert to feel better about their situation. And then there are situations that come up, like the unexpected death of a loved one. To me, those are often the worst. That’s because I am empathetic to someone’s real pain and problems, but I’m not fully equipped to help. But like most plugged-in people, I do have some pretty good connections.
That brings me to Bob Young of FIFO Networks. Bob was introduced to me by my vCISO Mike. Bob is a guy who has a skill set that very few have, and he has a bedside manner that makes him perfect for his job. He is a super nice guy. Bob specializes in a number of technology disciplines, but what he’s really good at is getting access to digital devices that few can get access to. So, for example, if your loved one dies, Bob has a good chance of getting in their phone or computer or accounts. Frankly, I hope that you never ever have to meet Bob.
One word for a guy like Bob might be a “hacker”. And while to some, this word might be offensive, there are all kinds of hackers out there. There are good hackers known as “white hats” and there are bad hackers, known as “black hats”, these terms come from the old spaghetti westerns. Bob is definitely one of the good guys.
Below is a discussion between Bob and I and a little bit about what he does, and what you should be doing now to prepare for the inevitable. Yes, inevitable. You are going to die. Me too. It’s coming.
Robert (Me): Thank you for joining me today. Can you share a story or two about what it looks like when someone comes to you to assist in digital recovery after someone’s passing?
Bob: Certainly. Recently a grieving brother called me to access his deceased brother’s computer. The brother mentioned significant investments and a missing will, hoping the computer held clues.
Robert: What are the primary goals in digital recovery after someone dies?
Bob: There are two main goals: data recovery and account recovery. While these goals overlap, they’re distinct. Data recovery involves retrieving information, while account recovery focuses on gaining access to accounts, often requiring passwords and recovery keys.
Robert: In our discussion, you mentioned various encryption methods. Could you elaborate on how encryption impacts the recovery process?
Bob: Absolutely. Encryption, like BitLocker or FileVault, adds complexity. For example, recovering data from a Windows computer with BitLocker may require accessing the Microsoft account for the recovery key. Physical security keys or a Yubikey can be game-changers, but they’re rare.
Robert: Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) play a significant role. How do these impact the recovery process?
Bob: 2FA and MFA add an extra layer of security, often involving codes sent via text or authenticator apps. Accessing the deceased’s phone becomes crucial for unlocking accounts requiring 2FA/MFA.
Robert: Unlocking devices seems central to the process. Where do you usually start, with the phone or the computer?
Bob: It’s somewhat circular. While unlocking the computer might grant access to significant accounts, you often need the phone for 2FA. I typically start with the phone, ensuring its accessibility.
Robert: Unlocking a deceased person’s phone appears challenging. How do you approach this?
Bob: While biometric authentication is common, knowing the PIN or pattern code is usually sufficient. In case family members don’t have this information, alternate methods exist to bypass biometric authentication using a PIN.
Robert: What if the computer is locked? What steps do you take to unlock it?
Bob: Unlocking methods vary, but it’s best to start by asking relatives or friends for the password. Failing that, searching for written records or changing the unknown password can be attempted. Password-cracking tools and password removal are more complex options.
Robert: Can you share a specific case, like Ron’s, where you successfully recovered critical information?
Bob: In Ron’s case, finding a will and stock market investments was a priority. After searching Ron’s office, I used professional tools to change the computer password. No encryption hurdles meant swift access to essential information, including the will stored on the computer and a backup in county records.
Robert: What advice do you have for individuals to prepare for digital recovery after their passing?
Bob: Preparation is key. Maintain a well-organized offline list of passwords, use a password manager, grant access to your phone, document financial accounts, file your will with county records, and ensure your trusted person knows about any physical security keys.
Robert: Lastly, you mentioned legal considerations. How do you navigate the legal aspects of account and data recovery?
Bob: Legalities are crucial. I comply with government laws and often require proof of relationships. However, online account providers may have their own procedures, emphasizing the importance of proactive steps like setting up Legacy Contacts on platforms such as Facebook.
Robert: Thank you for providing insights into this intricate process. If our readers have further questions, they can contact you at your website, correct?
Bob: Yes, that’s correct. If anyone needs more information, they can reach out to me at fifonetworks.com/contact-us.
Thank you Bob. And to my loyal readers, like I said, as much as I like Bob, I hope you never have to meet him. Meanwhile, to summarize, here are some action items, things that you can, and should do now to prepare for your demise.
- Maintain a Password List: Keep a complete, well-organized, offline list of all passwords, including those for computers, online accounts, and other devices.
- Use a Password Manager: Simplify the process by using a password manager. Have written records of two passwords: the master password for the password manager and the computer login password.
- Grant Access to Your Phone: Ensure that your trusted person knows the PIN or pattern code for your phone. Consider including this information in your password list.
- Financial Accounts List: Keep an updated list of all financial accounts, including banks, investments, and other relevant details that your trusted person might need.
- File Your Will: File a copy of your will with the County Records office. This ensures a legal and easily retrievable document for your family.
- Physical Security Key: If you use a physical security key, like a Yubikey, make sure your trusted person knows about it, what it looks like, and where to find it.
- Set Up Legacy Contacts: On platforms like Facebook, set up a Legacy Contact to manage your page after you die. This proactive step facilitates smoother access for your family.
- Emergency Information: Consider creating a sealed envelope or a digital document containing essential information about your digital assets and how to access them. Ensure your trusted person knows where to find this.
- Online Account Provider Procedures: Familiarize yourself with procedures offered by online account providers. Some platforms have features like Legacy Contacts that you can set up in advance.
- Communication: Lastly, communicate your wishes regarding digital assets to your trusted person. Let them know your preferences and where to find critical information in case of your passing.
Taking these proactive steps ensures a smoother transition for your family members when dealing with your digital afterlife.