Information Security on the Web
  • Information Security on the Web

    Information Security on the Web

    We all have information that we wouldn’t want shared with strangers. Keeping your personal information and passwords private is essential to avoid identity theft, protecting bank accounts – basically maintaining your personal privacy. You wouldn’t leave your bank statements lying in public view, so how can you prevent people from seeing your personal data stored on the Web, your personal computers and computers at work?  The best way to prevent unwanted eyes from seeing your sensitive data is to know where and when it is safe to digitally store your personal information.

    Social Networking

    First off, social networks are inherently insecure.  Posting to Facebook and other social networks is not necessarily private – even if you keep your account private, people can still view comments you made on your friend’s pages (if their pages are not private). It is not hard to get around the flimsy protections put in place on these sites. Many employers use social networks to gather information about potential employees or partners. Youtube videos are not always private even though you set them as such. Although anonymous account are allowed on many websites, you are not anonymous to the web server hosting your data. Each time you visit a website, your computer’s connection information is stored in the server which can then be traced back to you. Even if you are aware of how to change privacy settings, it is best to err on the side of caution and not post personal information. Overall, the internet, and social networking in particular, is not private. Do not post private information, pictures, or any other type of data that is not meant to be seen by all.

    Email Safety

    Recently, there have been increased attempts by malicious companies and individuals to get through spam filters.  You may have seen emails from friends or family that contain advertisements. In the past few weeks, Yahoo, Hotmail, and Gmail account credentials have been stolen and then used to send spam emails to the contact lists of those accounts. This is a innovative way to get you to open spam mail, as you will see the message as coming from a trusted source.

    If your email account is compromised you will need to take swift measures to protect yourself.  First and most importantly, change the password to your email account and make sure you use a secure password (we recommend a minimum of 8 characters containing letters, numbers, symbols, and capitals).  Next run a malware scan program (like Malwarebytes) on the computers you use to access the compromised account. Malware is often designed to harvest passwords and personal information from your computer, so if you don’t get rid of it the attackers will be able to compromise you again.  While there is certainly cause for alarm, there is no need to panic; most often passwords are compromised by hackers stealing them main authentication database of your email provider.

    Do not open attachments in emails unless you know the source and know that it is not malicious. It never hurts to email the sender back and confirm that the attachment is legitimate. Also be careful of links that you receive in emails. If you hover the mouse over a link such as this http://google.com you will notice that the link may not be what it seems. The true link is the one displayed when you hover your mouse over the blue text.

    What Can Be Done to Protect your Information?
    Be careful supplying personal information to anyone on line. Unless you trust a site, don’t give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information (if they do the URL will start with https:// – notice the s). Although some sites require you to supply your social security number (such as those associated with financial transactions for loans or credit cards), be especially wary of providing this information online. A final method of attack is through browser cookies which temporarily store data so that you don’t have to keep typing in your info over and over. If an attacker can access your computer, he or she may be able to find personal data stored in cookies. However, you can limit the use of cookies with just a few simple changes to your browser settings. Be careful which websites you visit; if it seems suspicious, leave!  The longer you linger the more time malicious individuals have to compromise your computer.   Finally be diligent about keeping your virus definitions up to date, scanning your computer for spyware regularly, and make sure you have the latest security patches from the manufacturer.