Security

Are we getting too comfortable with our online information?

In a survey by Webroot software, 70 percent of online shoppers are quite comfortable with entering their credit card numbers on an Internet site. Is this a trend or simply what it takes to integrate the Internet into our lives?

In a survey by Webroot Software, 70 percent of online shoppers are quite comfortable with entering their credit card numbers on an Internet site. Is this a trend or simply what it takes to integrate the Internet into our lives?

The kicker is that one in seven respondents to the Webroot survey also say that they have been a victim of some form of online fraud or identity theft.

Read the story from the International Times Herald.

What is this telling us?

This is difficult to write, because I have been a victim of identity theft. I have become incredibly sensitive to the idea that people don't understand the criticality of safeguarding their personal information. But however sensitive I may be, the reality is that people either don't know or don't care how fragile they are online.

Some thoughts from the Herald article:

Be more suspicious than usual about your in-box. Junk e-mail is the usual nesting place of "spyware," hidden little applications that the crooks program to secretly sprout and sniff around your computer for financial data.

Sadly, spyware can be hidden inside of holiday e-cards too, so don't open those from people you don't know. And if your children surf from your personal computer, the spyware may already be lurking.

E-mail is also the source of alerts from financial institutions, lotteries or employers - or so they say - that need you to take some action or disclose some information.

They look genuine, but they are just "phishing" for some sucker to be drawn in. Sloppy typing or spelling are often cues that they are fakes, but in general, skip the sweepstakes and be extra vigilant of eBay and bank look-alikes.

Lastly on e-mail, just be aware that it is not a secure way of communicating. So don't send your credit card information or checking account number by e-mail. Buy from a Web site.

On those Web sites, look in the Internet address in the tool bar of your browser for an "s" at the end of "http" -that last letter indicates that transactions sent from there will be secured, according to ReputationDefender, another privacy company. Look for the padlock symbol in the corner of your browser: another security sign.

This is especially the case if you are shopping the Web using a wireless hot spot. Public networks like those in cafés and airport lounges are notoriously insecure, so don't even think about buying from there. And if you're "borrowing" a neighbor's signal, well, just think about how easy it was for you to hitch a ride.

From a business perspective, there are greater considerations. I may find it necessary to sell some corporate assets on eBay. How do I protect my presence? According to Javelin, I may not need to worry. Read the report (and associated links).

At the end of the day, I think that we have to keep some basic things in the forefront of our thinking when exposing ourselves online.

Assume nothing, check everything. An unsolicited e-mail will not hurt me if I delete it. Ten days ago, it wasn't in my e-mail and I didn't miss it. What will hurt me if I delete it today? And while I am thinking of it, why do I have to respond to everything that appears in my mailbox? This has a real social engineering element— we have always believed that we should respond to all queries and all e-mail. Why?

If you are a contractor, there are additional concerns. For example, your online resume may make you a target for a different approach to phishing. Be wary of recruiters that ask for your Social Security Number or date of birth in the first contact e-mail they send. Some companies will ask for the last four digits of your SSN to submit your resume to a client. I just give them a different set of four digits.

How do we learn to protect ourselves? Try these links:

Identity theft and fraud (USDOJ)

Identity Theft and Consumer Fraud - How to protect your identity (Edward Jones)

Protect Yourself From Identity Theft (IdentityTheft.org and The ID Theft Center.org)

I looked for but could not find a list of best practices for corporations.

I can tell you in boring detail what it is like to have to fight your way out of identity theft. What I hope for is a time when that isn't necessary. Hopefully, you are already taking action to stay safe. How do you protect yourself from identify theft?

————————————————————————————————————————

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

Editor's Picks