A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Data Theft

The unauthorized taking or interception of computer-based information

Data theft is the act of stealing computer-based information from an unknowing victim with the intent of compromising privacy or obtaining confidential information. Data theft is increasingly a problem for individual computer users, as well as big corporate firms.

There is more than one way to steal data. Some popular methods are listed below:

  • E-commerce: You should make sure that your data is safe from prying eyes when you sell or buy things on the Web. Carelessness can lead to leaking your private account information.
  • Password cracking: Intruders can access your machine and get valuable data if it is not password-protected or its password can be easily decoded (weak password).
  • Eavesdropping: Data sent on insecure lines can be wiretapped and recorded. If no encryption mechanism is used, there is a good chance of losing your password and other private information to the eavesdropper.
  • Laptop theft: Increasingly incidents of laptop theft from corporate firms occur with the valuable information stored in the laptop being sold to competitors. Carelessness and lack of laptop data encryption can lead to major losses for the firm.

Protective Measures

Practices

  • Avoid storing sensitive data on your computer: Do not store account/password/credit card information on your computer as a simple text file. If the computer is compromised, this information can be easily stolen from the hard disk.
  • Only use e-commerce Web sites that have good authentication procedures: Authentication procedures are the way the site determines you are who you say you are. Read the Web site's privacy policy.
  • Always check that the connection is secure before making a payment online: Make sure the payment form where you enter your personal information, billing address, and credit card information is secure. You can identify this by looking at the address of the Web page. On secure Web sites, the address begins with https:// instead of the typical http://.
  • Choose strong passwords:

    Choose strong passwords: Passwords that are dictionary words, have fewer than 7 characters, or are easily guessable are vulnerable to password cracking. There are tools available that can crack weak passwords in less than 10 minutes. A strong password is at least eight characters long and has a combination of upper/lower case letters, numbers, and special characters. You should not use your online banking password(s) at other Web sites.

Legal Issues

Privacy

In many states, companies are required to notify you if their data about you has been stolen. The Web site's privacy policy will let you know what measures they will take to secure your data, as well as what they will do if that information is compromised.

References

My home page