Protecting your Identity in the Cyber World

Dean Bentle

The following is an excerpt from the Better Business Bureau's website that I wanted to share with everyone.

The new, highly interactive Internet and telecommunications technology afford us a whole new world of services - almost literally putting the world at our fingertips. We now enjoy online banking, easy electronic bill paying, wireless connections to the Internet, the ability to take pictures, retrieve email and surf the web with our cell phones. Let's not forget our personal digital assistants (PDAs), those wonderful little devices that remember all our contact information, maintain our calendars and store all sorts of other easy-to-forget details of our daily lives. What's more, these separate technologies are all converging.

We appreciate all the new services the various devices provide, and more than a few of us make use of these on a fairly regular basis. Unfortunately, most of us are only dimly aware of exactly how these technologies actually work. And that lack of substantive knowledge makes us much more vulnerable to high-tech thieves.

What Does the Virtual Thief Want?
Exactly what the real world thief wants. To capture your information, create a new identity based on that information, and then use that identity - your identity - to his or her own purposes, leaving you holding the bag.

Where Does the Virtual Thief Find These?
Here's where the real-world and virtual thief begin to part company. Unless the proper safeguards are in place, the new technologies can create major gaps in your personal information security. If you have a personal computer, think of the information you've probably stored there - things like bank account information, electronic tax returns, perhaps the family genealogy, your PDA data, insurance information, spreadsheets and word processing documents containing all sorts of information. The list could go on and on…

  • How You Can Defend Yourself?
    Your Login/Password/PIN In the virtual world, basic self-defense begins right here. So here are some important tips:
    • Use unique passwords whenever you can.
    • Use passwords wherever you can -- on all your devices and in any programs that contain personal information. It's not only your PC that contains sensitive information. What if your laptop was stolen, or your PDA or your cell phone. Nearly all these electronic devices allow you to set password protection. Passwords won't necessarily thwart a knowledgeable and determined thief, but most thieves don't fit that description.
    • Change passwords regularly. This is a tough one. If you spend a lot of time online, you may have passwords not only on your devices, but with your ISP and on many of the web sites that you visit. It is hard to remember to change passwords, and harder still to remember which sites have which passwords. It may actually be better to use fewer passwords and change them more regularly than to have many and fail to change any of them. Twice each year, we set our clocks -once forward and once back. This may be a good time to remember to not only set your clock, and check your smoke detector batteries, but to change your passwords and update your computer protections.
    • Don't Set Your System to "Remember My Password". This may seem like a helpful feature. When you first create or enter a password, your software may offer you a "pop-up box" with a friendly query about whether you'd like the system to remember this password. If you click the appropriate box, your password will automatically appear whenever you attempt to log into the program. However, if someone else knows - or can guess - your login, the password helpfully allows that person entry into your system. Wherever possible, disable these memorized features.
    • Remember Passwords; Don't Write Them Down. Passwords are hard to remember, and there is a terrible temptation to write them down. But written passwords are no good if they are nowhere near you when you're using your PC or laptop or cell phone or other device. So people tape them to the underside of keyboards or under the mouse pad or carry them in a laptop case, or put them in a wallet or purse. Thieves know this, and these are the first places they look.
  • Purchase Anti-Virus Software. Next to password protection, nothing is more important that having good anti-virus software and having that software absolutely up-to-date. Naturally, it helps to protect your system from being damaged or ruined due to a virus, worm or Trojan horse. More important to the issue of identity theft, however, is the fact that some worms don't make their presence known. Instead, they may open a backdoor into your system, through which a thief can gain access or otherwise transmit information that will compromise your security.
  • Keep Your Operating System Software Updated. Often outside public view, a battle is raging. It's an ongoing war between those who want access to your system for some less-than-noble purpose and those who are trying to protect your system. And at any given moment in time, the good guys don't necessarily have the upper hand. But just as soon as a new vulnerability is discovered, your system vendor makes a "patch" available to fix it. Unfortunately, those patches don't do any good if you don't install them as soon as they are made available. Both Microsoft and Apple make available an "automatic update" feature for their security upgrades.
  • Install a Firewall? In the real world, a firewall is a fireproof barrier that separates something that might burn from something you want to keep safe - for example, a barrier between your car's engine and the passenger compartment. That's how the term got applied to the Internet. It's can be a nasty world out there in cyberspace, and a firewall is a hardware or software "barrier" that helps separate your computer from those who would do you harm.
  • Take Precautions With Wireless Networks (Wi-Fi). A growing number of computer users are either setting up home wireless networks or making use of wireless networks in airports, coffee houses, bookstores and other locations. But wireless use requires special precautions.
  • A Word About File Sharing. Peer-to-peer or file-sharing programs allow you to share your files with others on the Internet -- and vice versa. However, nothing comes without pitfalls; if you can get files from others, they may be able to get files from you - maybe files you didn't intend they have.
  • And Now, A Word About You. If you have taken all the steps outlined here, you can be fairly certain that you've made it much harder for someone to use your technology to steal your identity. But, as in the real world, you can be the weakest link in your own cyber security program. All the protections in the world won't do any good if you give your identity away. Here are some things you need to consider:
    • Beware of "Phishing". "Phishing" is a term coined by computer hackers, who use email to fish the Internet hoping to hook you into giving them your logins, passwords and/or credit card information. In all these scams, the phisher first impersonates a legitimate company such as your own internet service provider, or your auction site or a financial institution. In the typical scan, you'll get an email that appears to be from a reputable company. You'll be asked to go to a special site to update your account information. If you get one of these messages, don't panic - and don't respond. Remember our advice: Don't give your personal information to anyone you don't know. If you are concerned that the message might be genuine, call your Internet Service Provider (or bank or other organization being spoofed) at a telephone number you obtain from your billing statement or through an email address the legitimate company provides.
    • Be Wary When Using Public Internet Kiosks or Other People's Computers. When you are surfing the internet, you are leaving a trail in the computer you are using. This is called "caching", and it helps speed up your Internet experience. But when many people are using the same computer terminal (whether it is at a public kiosk or in a friend's home), it may mean that others can see the sites you have visited. And if you haven't "logged off" a password-protected account, your personal information may be accessible to others. Worse yet, software is now available that can capture every key stroke you make - in a way that is invisible to you. In one recent case, successfully prosecuted by the Department of Justice, a man successfully installed such "keylogging" software in 14 Kinko stores in the New York City area, without Kinko's knowledge or permission. Using the software, he was able to capture customers' usernames and passwords.
    • Here's some simple advice. Unless you simply have no other choice - or unless you trust the owner of the other computer completely - don't use someone else's computer to access any of your accounts that require logins or passwords.
    • Don't Give Personal Information Over the Internet Unless the Site is Secure. The Internet is the world’s largest public meeting place - at any moment, millions of people are communicating. Most of that communication is public. You wouldn't broadcast your personal information in a public square, and you shouldn't do it on the Internet. When it comes to giving personal information, you should only do so on a secure server. On a secure server, your information is encrypted as it is being transmitted; that way, others can't read it if they should intercept it. Here are some tips to let you know you are on a secure server:

Look at the URL (website address) of the page you are on when uou are asked to give personal information An unsecured URL will look like this: http://www.site.com. A secure site will have an "s" either in front of or following the "http", and it will look like this: https://www.site.com or shttp://www.site.com. A secure site will also have a yellow graphic "locked padlock" on the bottom of your browser page. An unsecure site will have an "unlocked Padlock".

 

Close your browser: Have you ever noticed that sometimeswhen you go from one website to another and you are asked for your name or address, that the computer knows what you should enter? This is called caching and all the internet browers perform this convenient act for you. This "act of convenience" is not a good idea if you go from a secure site i.e. Om-Line Banking, to another website because the new site may have scanning software that will capture this sensitive and private information from the browser cache. To prevent this possibility, simply close the browser program and restart it. This clears the buffers and cache so any scanning software will "see" nothing.

 

Dean Bentle
Bentle Consulting, LLC
Mobile:      210-557-7944
E-mail:      dbentle@gmail.com