There are many security and privacy concerns when you use computers – some are annoying and some are scary. To be completely safe from all computer threats you would have to disconnect your computer from the Internet and never share files with anyone. You could also hire a high power security firm to watch every piece of information sent and received – but neither of these options are feasible.
We have previously talked about computer security in our June 2007 and November 2009 Viewpoints, but there are new threats that have surfaced because of the increased social nature of the Web. The use of Facebook and Twitter has led to social engineering – the gathering of information from all the things you do on the Web – and increased phishing attacks – using deceit to appear to be a legitimate site or an email, in an effort to get you to directly enter information about yourself.
The following outlines some possible cyber threats and how you can safeguard yourself and your information.
Data Mining – sharing personal information
Data mining is the gathering of information from large sets of data and using it to impersonate you. Information is collected from just about every site you visit – especially social networking sites, which contain a lot of personal information. So don’t provide more information on these sites that you wouldn’t want accessed by others. Perhaps most importantly, ensure your profile settings are set to “private” to control who views your information.
Privacy – sharing your location and photos
It is hard to maintain privacy when people are constantly posting their location online. The pictures of your new car or boat are certainly fun to share – but in the wrong hands, the pictures can tell people about your assets. Even worse, the background of the pictures can tell a lot about where you are keeping these items. Even if you do have your settings marked as “private,” you should still be careful. If someone comments on your status, their friends may be able to see it. So if you talk about your vacation schedule, you may have just given someone the information to target you for an attack while you are away.
Phishing – receiving suspicious emails from the IRS and banks
Many of you may have received an ominous email from the IRS, for example, telling you to immediately validate your information or else face an audit. The IRS, banks and other legitimate sites will not ask you to verify information like that in an email. Although some emails and links might seem harmless, they can lead you to sites that try to attack your computer through viruses or a variety of other methods.
Phishing – receiving suspicious emails from your friends and relatives
There is also a new variety of phishing that uses information collected from hacked email and social accounts to create very realistic looking messages. An attacker will send out emails or messages asking for money – but they appear to be coming from someone that you know very well. If this happens to you, call the person and make sure you recognize their voice before you click on anything or respond to the request.
Secure Sites – entering secure information safely
When you are entering secure information – such as a username and password – you should make sure the website is secure. If you are on an unfamiliar site or one you don’t deal with regularly, there are several things that you can look for. If the address line starts with “https” instead of “http,” then it is using a secure connection. In Internet Explorer, you will also see an icon of a gold lock* at the end of the address bar (the long box where you enter the website address) indicating that the site is secure. For all other browsers, there will be a similar icon.
*Internet Explorer icon:
Protect Your Information – important points to remember
- Only give out as much information that is needed
- Set your privacy settings so that only people you know can access your information
- Be careful about what you open and what you click on
- Only use secure sites for sensitive data
- Keep your virus and malware programs up to date
- Use strong passwords that you change often – using at least 8 characters; using a combination of uppercase, lowercase, numbers and special characters; NOT using common information, such as family names or birthdates.
Your information and privacy is important to you and to us at Truepoint. We are continually updating our security policies and practices to adapt to our changing world and to keep your information as safe as possible.
For more information, please contact Lisa Reynolds at 513.792.6648 or firstname.lastname@example.org.