A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Data Theft

The unauthorized taking or interception of computer-based information

Although e-commerce is convenient, it does come with certain security risks. You should make sure that your data is safe from prying eyes when you buy or sell things online. There are many opportunities during an e-commerce transaction for attackers to get your personal data. It can be stolen off of your computer, while being sent to a business’ website, or off of the business’ database.

There are some things that you can do to protect yourself, such as setting your browser properly, having a strong password, and making sure your browser is up to date. There are also things that e-commerce businesses can do to make transactions more secure. Almost all major businesses have measures in place to protect your information. However, some smaller or home-based companies may not have this kind of security. These businesses may be legitimate, but without appropriate security measures your information could be stolen during transmission or from the business’ database.

Protective Measures

Practices

  • Choose strong passwords: Passwords that are dictionary words, have fewer than 7 characters, or are easily guessable are vulnerable to password cracking. There are tools available that can crack weak passwords in less than 10 minutes. A strong password is at least eight characters long and has a combination of upper/lower case letters, numbers, and special characters. You should not use your online banking password(s) at other Web sites.

  • Update your browser with the latest software updates and security patches: New security problems are constantly being found in browser software that has already been released. Software vendors therefore make updates or security patches available from time to time that fix these problems. A patch is a downloadable piece of software that repairs a security problem or other "hole" in the software. Since most intruders exploit these known weaknesses, failing to download a patch creates an unnecessary risk. The unpatched hole could serve as an entry point for hackers who want to examine, damage, or exploit the information and services on your computer. It is also important to use the latest version of your browser since newer versions will have stricter security standards and fewer vulnerabilities.

    Unfortunately, Internet Explorer does not have an automatic update feature. The Microsoft Web site has a "Scan for updates" feature that scans your computer to determine which updates you need, including any for Internet Explorer. The Web site can be reached through the link above, or by the Tools > Windows Update option in Internet Explorer.

  • Avoid storing sensitive data on your computer: Do not store account/password/credit card information on your computer as a simple text file. If the computer is compromised, this information can be easily stolen from the hard disk. We recommend using a firewall and anti-virus software to reduce the risk of this occurring. See Tools for more information.

  • Check your bank and credit card statements for purchases that you did not make: Regularly check your bank, credit and debit card statements to make sure that all transactions are legitimate. It is important to know what you did and did not buy so that you are better prepared to answer questions if somebody steals and uses your financial information.

  • Always check that the connection is secure before making a payment online: Make sure the payment form where you enter your personal information, billing address, and credit card information is secure. You can identify this by looking at the address of the Web page. On secure Web sites, the address begins with “https://” instead of the typical “http://”. Also, your browser should display a lock icon. Internet Explorer displays this in the lower right hand corner of the window as in the picture below.

    Lock icon

  • Only use e-commerce Web sites that have good authentication procedures: Authentication procedures are the way the site determines you are who you say you are. Read the Web site's privacy policy. If there is none, beware. Web sites should require that you have a strong password. Changing passwords should require that you enter personal information known only to you (like your mother's maiden name, your pet's name etc). The site should lock you out after a certain number of tries at the password. It should also require you to provide the numbers on the back of your credit card, or a code word you determine when you set up an account.

  • If using a public computer, delete all private information that is automatically stored: All browsers automatically save a history of all the pages that have been accessed. If you buy something online, this information will be stored on the computer automatically; therefore, it is a good idea to delete this history when you leave. To do this in Internet Explorer, go to Tools > Internet Options and click on the Clear History and Delete Cookies buttons.

    Internet Options window

  • Do not store sensitive data on your mobile device in clear text: Do not store account/password/credit card information on your mobile device unless you encrypt it. Encrypting applications (also called "digital wallets" or "wallets") store your private data in encrypted form, so that an attacker who obtains the file cannot read it. DataViz's Passwords Plus is a good wallet for Palm devices, while eWallet works for PocketPCs.
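The "Choose strong passwords" practice above lists concrete criteria (minimum length, a mix of character classes, no dictionary word). The following checker, added here as an illustration and not part of the original page, turns those criteria into a policy check a site could run on a new password. The word list and keyboard-run list are constructed stand-ins; a real deployment would load the same large word lists that cracking tools use, and the leet-speak normalisation (p@ssw0rd reads as password) is included because crackers apply those substitutions too.

```python
import re
import string

# Constructed, deliberately tiny word list standing in for the dictionaries
# that password-cracking tools ship with.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "dragon"}

# Constructed examples of keyboard / alphabet runs that are trivially guessable.
KEYBOARD_RUNS = ("12345678", "qwertyui", "abcdefgh")

# Leet-speak substitutions undone before the dictionary check: @->a $->s 0->o 1->l 3->e
_LEET = str.maketrans("@$013", "asole")


def password_problems(password: str, min_length: int = 8) -> list:
    """Return the policy violations for `password`; an empty list means it passes.

    Checks the criteria the page states: at least `min_length` characters,
    upper and lower case letters, a digit, a special character, and not a
    plain (or thinly disguised) dictionary word or keyboard run.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    # Normalise case and leet substitutions, then keep only letters so that
    # "P@ssw0rd!" is compared against the dictionary as "password".
    letters = re.sub(r"[^a-z]", "", password.lower().translate(_LEET))
    if letters in COMMON_WORDS:
        problems.append("based on a dictionary word")
    if any(run in password.lower() for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard or alphabet run")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd!", "Tr0ub4dor&3"):
        print(repr(candidate), "->", password_problems(candidate) or "OK")
```

Note that the checker only enforces the page's stated rules; length contributes far more to resistance against cracking than forced symbol substitution, so a site should also reject any password that appears in a breach list, not just in a dictionary.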

Settings

  • Browser settings: Most browsers come with default browser settings which may or may not be enough for complete security. You can change these settings to make your browser more secure. The picture below displays the security settings of the Internet Explorer browser. You can reach these settings in Internet Explorer by choosing Tools > Internet Options > Advanced.

    Browser Settings

    If you decide to modify the default settings, make sure you check the following:

    • The “Check for publisher certificate revocation” option lets you make sure that the site’s security certificates are still valid.
    • The “Warn about invalid site certificates” option gives you a warning message when a site provides a false or expired security certificate.
    • The “Warn if the forms submittal is being redirected” option ensures that the Web site you are providing information to is the one you intend.
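Two of the items above ("Always check that the connection is secure before making a payment online" and the "Warn if the forms submittal is being redirected" setting) boil down to one question: where does the payment form actually send your data, and is that destination served over https? The script below, an added example rather than anything from the original page, resolves every form action on a page the way a browser would and flags the cases a shopper should worry about: plain http, a different host than the page, and a userinfo prefix that makes a foreign host look familiar in the address bar. The sample page and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample checkout page. Only the <form> tags matter for the check.
SAMPLE_PAGE = """
<html><body>
<form action="/checkout/pay" method="post"><input name="card"></form>
<form action="http://shop.example/checkout/pay" method="post"></form>
<form action="https://other.example/pay" method="post"></form>
<form action="https://shop.example@other.example/pay" method="post"></form>
</body></html>
"""


class _FormCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page (empty if absent)."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def check_form_targets(page_url: str, html: str) -> list:
    """Return a list of (resolved_target_url, [problems]) for each form on the page."""
    collector = _FormCollector()
    collector.feed(html)
    page = urlsplit(page_url)
    results = []
    for action in collector.actions:
        # An empty or relative action submits back to the page's own origin,
        # so resolve it exactly as the browser would.
        target = urljoin(page_url, action)
        t = urlsplit(target)
        problems = []
        if t.scheme.lower() != "https":
            problems.append("not submitted over https")
        if t.hostname != page.hostname:
            problems.append(f"submitted to a different host ({t.hostname})")
        if t.username is not None:
            # "https://shop.example@other.example/" really goes to other.example.
            problems.append("userinfo in URL (hostname may be disguised)")
        results.append((target, problems))
    return results


if __name__ == "__main__":
    for target, problems in check_form_targets("https://shop.example/checkout", SAMPLE_PAGE):
        print(target, "->", "; ".join(problems) or "OK")
```

The check is a static one: it tells you where the form points before you submit, which is the same information the browser's redirect warning gives you at submission time. It does not replace certificate validation (the "invalid site certificates" and "certificate revocation" settings), which happens when the https connection is actually made.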

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.

  • Disk Scrubber: Privacy tools called disk scrubbers are used to make sure that data deleted from the hard disk of a computer cannot be recovered. This is particularly useful when users wish to sell their laptops or hard drives; a user's confidential data should not be recoverable by the new owners. Some common tools used for disk scrubbing are Windows Washer, Eraser, and Evidence Neutralizer.
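The disk-scrubber item above describes what those tools do without showing the mechanism. The script below is an added illustration (not the code of any of the named products) of the core technique: overwrite the file's blocks with random bytes, force the writes to the device with fsync, and only then unlink the name. The "confidential" file it scrubs is constructed in a temporary directory.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024


def overwrite_file(path: str, passes: int = 3) -> int:
    """Overwrite every byte of `path` with random data, `passes` times.

    Returns the file size in bytes. Each pass is fsync'd so the data reaches
    the device before the next pass starts; a plain os.remove() would only
    unlink the name and leave the old blocks readable by recovery tools.
    """
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def scrub_file(path: str, passes: int = 3) -> int:
    """Overwrite then delete a file; returns the number of bytes scrubbed."""
    size = overwrite_file(path, passes)
    os.remove(path)
    return size


def demo() -> tuple:
    """Create a constructed confidential file, overwrite it, verify, then delete.

    Returns (content_changed, size_preserved, file_gone).
    """
    secret = b"card=0000000000000000;exp=12/29;cvv=000\n" * 100  # constructed test data
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_file(path, passes=1)
    with open(path, "rb") as f:
        after = f.read()
    os.remove(path)
    return (after != secret, len(after) == len(secret), not os.path.exists(path))


if __name__ == "__main__":
    print(demo())  # expect all True
```

Two caveats a practitioner should keep in mind: in-place overwriting is only reliable on a conventional magnetic disk with a filesystem that writes in place. SSD wear levelling, journaling and copy-on-write filesystems, and filesystem snapshots can all keep a copy of the old blocks, so for a drive that is being sold the dependable options are the device's own secure-erase command or having used full-disk encryption from the start and discarding the key.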

Connect Safely from Different Places

Office

You may not have the right privileges to install software patches and updates on your work computer. If this is the case, ask your IT department for assistance.

Mobile

Nowadays, you can shop online using your PDA or even your cell phone. While this sort of e-commerce is convenient, it does come with certain security risks. It is especially important to make sure that your data is safe from prying eyes when you buy or sell things online. Make sure to password-protect your device or require that a lock code or password be entered before anybody can use the device.

There are encrypted and secure methods for communicating and storing passwords and credit card numbers so that they cannot be stolen while you are performing a transaction. You also have to take special care in how you store passwords. For more information see Password Security Tools.

On the road

With advances in wireless Internet connections, you can now get on the Internet from almost anywhere. This means that you can shop online at a cyber-cafe, bookstore, hotel room or airport. However, doing so can be very risky since you're providing payment information in a public place where anybody can see you.

If possible, avoid buying items online while you are away from home, as your information can be easily stolen by someone intercepting your payment information, or, when using a public computer, by reviewing the historical information on the computer. Additionally, someone watching you may be able to see and remember your credit card number or other personal information as you type it in.

Privacy Issues

In many states, companies are required to notify you if their data about you has been stolen. The Web site's privacy policy will let you know what measures they will take to secure your data, as well as what they will do if that information is compromised. Contact the company if you have any questions.
