A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Data Theft

The unauthorized taking or interception of computer-based information

One of the reasons we are so computer-dependent these days is our reliance on digital documents. These days we store everything in our computers from important letters and personal financial information to digital pictures and music files. Almost every company operation is stored in digital form: memos, financial information, projections, customer records, etc. That's why it is so important to make sure the documents on your computer are safe from attackers. There are many ways an attacker can get to your personal documents, including getting into your computer's hard drive or intercepting email attachments. With this in mind, you must be very careful with your digital documents.

The three most common ways data can be stolen from your computer are:

  • Spyware applications installed from an email attachment
  • Spyware applications installed along with other applications
  • Intrusions by an attacker

Spyware applications grab information from your machine and send it to a central server without your knowledge. For more information on how to protect yourself from spyware, see the encyclopedia entry on Spyware.

A direct intrusion by an attacker can give him access to your digital documents and passwords. There are encrypted and secure methods for storing documents on your computer that you should use when storing sensitive information, such as passwords or financial data.

Protective Measures

Practices

  • Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

  • Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):

    1. Open the Spybot application and look for the navigation bar on the left side of the program.
    2. Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
    3. Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
    4. Select all the threats and click the button labeled Fix selected problems.

  • Don’t open digital files on your computer if you are not sure about the source: If you don't recognize a file, don’t double-click on the file to see what it is. By doing so, you may activate a virus in your computer.

  • Do not send any passwords or sensitive files through email unless you have an encrypted or secure email server: Emails are very easy to intercept, and anybody who intercepts them can then read their content and attachments. Therefore, you should not send critical information via email or instant messaging.
  • Do not store sensitive data on your mobile device in clear text: Do not store account/password/credit card information on your mobile device unless you encrypt it. Encrypting applications (also called "digital wallets" or "wallets") store your private data in code, so that it is impossible for an attacker to read it. DataViz's Passwords Plus  is a good wallet for Palm devices, while eWallet  works for PocketPCs.
  • Do not store sensitive data on your laptop: Do not store account/password/credit card information on your computer unless you encrypt it. Encryption stores your private data in code, so that it is impossible for an attacker to read it even if he gets access to your computer.
  • Use public Internet connections sparingly: If you need to edit or create a document, and you do not need to be on the Internet, disconnect from the public network. For instructions on how to disconnect from the network, see Settings.

Settings

  • Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. This lowers your chances of contracting a computer virus. To set real-time protection (using Symantec Norton Antivirus as an example), right-click on the Symantec Norton Antivirus icon in the icon tray in the right-hand bottom corner of the screen, then select "Enable File System Real-time Protection."

  • Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:

    • Scanning all files: All files on the computer will be checked regardless of the extension or file type.
    • Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
    • Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.

    If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.

  • Set your anti-virus software to make scheduled automatic scans: All major anti-virus packages offer the possibility to set scheduled full scans for viruses and malware. So, for example, every Friday night at 9:00 the anti-virus software will search for viruses and malware installed in the computer. Consult your anti-virus software's manual for more information on how to set this feature.

  • Encrypt files that contain sensitive information: Windows XP and Windows Vista  allow you to encrypt certain files so that only you will be able to read them. To encrypt a file:

    1. Right-click on the file that you want to encrypt in Windows Explorer (Start > All Programs > Accessories > Windows Explorer), and select Properties.
    2. Select the General tab and click Advanced.
    3. Check the "Encrypt contents to secure data" check box. Click OK, and then click Apply.
    4. You will be asked if you want to encrypt only the file or the file and its parent folder. Make your selection and click OK.
    5. To decrypt the file, repeat the above process, but clear the "Encrypt contents to secure data" check box.

    Windows Vista provides an additional feature called BitLocker Drive Encryption to prevent data theft. It provides drive encryption and an integrity check of early boot components. The drive encryption prevents unauthorized users from breaking the Windows file system and provides protection on lost, stolen or inappropriately decommissioned computers. The integrity check of the early boot components helps to ensure that data decryption is performed only if those components appear to not be tampered with.

    Mac OS X  only allows you to encrypt the entire contents of your home folder, not individual files. Use this tool with caution, because if you forget your password you will lose access to all of your files. To encrypt your home folder in Mac OS X:

    1. Go to System Preferences from the Apple menu. Click Security.
    2. If you have not yet set a Master Password, click Set Master Password.
    3. Click Turn on FileVault, and read the message that appears. If you wish to continue, click Turn on FileVault.

  • Set your firewall to filter the appropriate ports: Make sure your firewall is filtering the ports that correspond to the applications you use. For example, if you download files using FTP, you need to open and filter port TCP-21. If you use your computer as a public server, set filtering inbound as well. Make sure to always deny unused ports and allow regular traffic, not the other way around.

  • Disconnect from the network if you have any security concerns: There are two ways to disconnect from a network. The first way is to shut your computer down entirely. The second way is to disable the network interface card on your computer.

    1. To do this in Windows, go to the Control Panel (Start > Settings > Control Panel) and double click on Network and Dial-Up Connections.

      fragments_02000001.jpg

    2. Select the name of the network interface that connects your computer to the Internet. It is usually labeled Wireless or Local Area Network.
    3. Right click on it, and select "Disable." When you disable the interface, the icon will turn a light gray color.

      fragments_02000002.jpg

    4. When you want to reconnect to the Internet, return to the interface icon, right click on it, and select "Enable."

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus  and McAfee AntiVirus . AVG , AntiVir  and ClamWin  are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless  and Symantec AntiVirus for Windows Mobile .

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall . The Windows operating systems such as Windows XP and Windows Vista  include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site .

  • Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Some examples are Spybot - Search & Destroy , Ad-Aware , Pest Patrol , and Microsoft Windows Defender . Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine. Spyware Warrior  can point you to some good applications and tell you which applications to avoid.

Connect Safely from Different Places

Office

If you have any questions about these settings, consult your company’s system administrator.

Mobile

Mobile devices, like PDAs, are great for storing documents and files that you need on the go. But since PDAs are often used for storing personal data, passwords and credit card PIN numbers, they have become a valuable target for hackers. Be careful when you store passwords in your PDA and send sensitive information online. There are encrypted and secure methods for storing this information that can protect your data from being stolen. Also, be careful when you send information through email or upload it to a remote server. Hackers can easily intercept these communications and get their hands on a sensitive Word file or a password for your bank account.

Even though there are currently no spyware applications for handheld devices (e.g. PDA or cell phone), you can infect your desktop or laptop PC whenever you synchronize your PDA or cell phone and there is a spyware application among the files you are synchronizing. Therefore it is important to have an active anti-virus program protecting your mobile devices, since these applications sometimes protect against spyware.

Some PDA and mobile phone anti-virus software can be configured to automatically scan files when they are transferred. If your brand offers this setting, you should configure it. It’s also a good idea to scan your PDA and mobile phone manually on a regular basis, at least once every two months.

On the road

You must be very careful about what you do when you use the Internet away from home, especially when you are working with private information and sensitive documents. Surfing the web in public places and editing or creating digital documents in those places can be very risky. The principal threat is data theft: people stealing your documents, files, or passwords.

For example, when you use a public computer for online shopping, your traffic traverses a public network that is not protected by the online store you are shopping at. If the connection between the store and your computer is not encrypted, any other user on the public network you are using can easily obtain your credit card numbers and sensitive information by “listening to the line” (known as sniffing).

If you use your browser’s password management tool (e.g., Internet Explorer's auto-completion feature or Netscape and Mozilla's Password Manager function) on your laptop and use a public network, somebody else on the network could gain access to the files where those passwords are stored. Therefore, you should avoid using these tools if you regularly use public networks

Do not create or modify important digital documents on a public computer. These computers are accessible by anyone, and it is very easy to install spying applications on them. There's also the chance that you will leave a file on a public machine where anybody can open it.

If you need to work on a public computer, use a USB memory stick/key: If you must use a public computer for editing or creating files, plug your USB key into the public computer’s USB port before working on anything. The computer will recognize it as a hard drive, and you can then work with the files directly on the memory stick. That way, no information will be stored on the hard disk drive of the public computer, and you will not leave important files behind. Just make sure you remember to take the memory stick with you when you leave!

Privacy Issues

Do not store account/password/credit card information on your computer as a simple text file. If the computer is compromised, this information can be easily stolen from the hard disk. We recommend using a firewall and anti-virus software to reduce the risk of this occurring.

My home page