Windows Secrets personal security baseline

Keys to security By Jan Bultmann

Frequent Internet users get mixed messages about data privacy.

We worry about data miners and identity theft but put our life stories up on Facebook. Here are some basic steps to enhance your personal security.

Are we confused or just careless about our privacy? On the one hand, we hear plenty of stories about the data-mining and aggregation techniques used by companies and various governmental agencies around the world, as well as by criminals seeking to use social engineering to trick people out of money or processor power.

At the same time, social-networking sites such as Facebook, Twitter, and LinkedIn — which many people see as legitimate and benign — ask for more and more information about our past, our employment, and our interests. With almost every iteration of these sites, the Internet presses more deeply into our privacy.

You have good reason to think twice before filling out every field your social-networking site presents to you. In case you forget the varieties of Internet perils out there, here are reminders of what’s not in your interest when some people get their hands on your data. After that, to cheer you up a little, are 10 tips on how to protect your privacy.

A flourishing black market for personal data

You undoubtedly know that cybercriminals gather personal data to steal identities and money. Users can suffer damage to their personal credit and even jeopardy to their physical safety. But you might not know that most cybercriminals sell your data to other criminals.

Criminal networks exchange huge databases of personal information that can be used for everything from scamming credit-card companies to creating botnets — networks of personal computers that have been compromised and are controlled remotely and secretly. Botnets can be used to launch denial-of-service attacks, for example, without the computer owners ever knowing anything is amiss.

Criminals also use personal data to assemble elaborate social-engineering scams, in which they might impersonate you online to gather information from others you know or to trick your online acquaintances into clicking dangerous links that lead to spoofed websites. Most of us know such scams dupe people into downloading viruses or spyware onto their computers, but it still happens — frequently.

Online information is searchable. Powerful Internet search engines and data-crunching tools make it easy for criminals to build a full profile of you, even if the information about you online is distributed over many different social networking sites or posted by many different people.

It doesn’t hurt to remember that any data published online is there forever. Depending on the privacy policy of the company holding the data, your formerly private information might ultimately be seen by anyone on the Internet.

Personal data can get online in a number of different ways.
  • You shop or do business on the Web. Any time you set up an online account, buy goods online, register for contests, take part in surveys, download free software, or simply surf the Web, you provide data to businesses, governments, and other organizations.

    Businesses use your personal data to verify who you are when you complete a transaction. They also record your preferences so that they can deliver personalized content or special offers. A business’s retention of your personal information also allows it to offer you conveniences: you don’t have to enter your shipping address again and again.

  • You exist: therefore, you have official records. Records maintained by government agencies are searchable. For example, photos of your house (and a statement of its value), your birth certificate, and copies of your signature might all be easily available.

    Professional associations or nonprofits might reveal your full name, workplace, and donation history.

  • You freely participate in social-networking sites. You or your friends might post enough information on social-networking sites for criminals to assemble a fairly complete picture of your life.

Ten tips for data privacy

Here are tips for how to protect your personal information.
  • Use unique “Forgot your password?” questions: One of the most frequent ways hackers break into the social-networking accounts of celebrities and public figures is by clicking the “Forgot your password?” link on the sign-in page. The site verifies the person’s identity by posing questions that can easily be answered about most people with a simple Web search: Where did you go to high school? What is your father’s middle name? Whenever you can, write your own custom password questions that have answers no one could easily find. If you have to use default questions, make up more-secure answers — just make sure you can remember them.

  • Protect your friends: Don’t let social-networking services scan your e-mail address book. When you sign up for a new social network, it often offers to save you time by scanning your address book to see whether your contacts are already on the network. Some sites then send e-mail messages to everyone in your contact list — or to everyone you’ve ever sent an e-mail message — without warning you that they’re going to do it.

  • Check privacy policies: Before you provide any data to a website, read its privacy policy. The policy must clearly explain what data the website gathers about you; how it is used, shared, and secured; and how you can edit or delete it. If the site doesn’t have a privacy policy, don’t use it.

  • Don’t post your location: GPS-based services such as Foursquare can now automatically post the location of your cell phone when you “check in” at a business or restaurant. Disable the location feature on your cell phone, and don’t post your location on your social-networking site. Wait to post holiday pictures until you’re back at home. When you reveal online that you are away from home and your residence is unoccupied, you can never be sure who’s reading.

  • Use privacy settings: If you use a social-networking site, thoroughly investigate its privacy options and lock down your accounts as tightly as you can. Share only with people you have met in person.

  • Monitor your online presence: Search for your name on the Internet. Use at least two search engines, such as Bing and Google. Search for text and images. If you find sensitive information about yourself on a website, look for contact information on the website and send a request to have your information removed.

  • Approach links with caution: Treat e-mail messages and IMs on social-networking sites with caution, and don’t click links inside them unless you know that the person who appears to have sent them actually did. Keep an eye out for generic language that could be from anyone or to anyone. For example, the message “What are you doing in this video?” might very well be a social-engineering scam, whereas “Here’s a video I took in 2003 when we were traveling in Maui in Chris’s blue VW campervan” is probably not. If you have any doubt at all, confirm with your friend through an alternate means before you click any links.

  • Do your banking and bill-paying at home, and bookmark the URLs: Never enter confidential personal information, such as your Social Security number or credit-card numbers, into a website using a public Wi-Fi system or public computer. Save transactions for your home computer, and make sure you use a bookmark link to open websites for your bank or e-commerce sites. Never access your bank, credit-card, or online-shopping sites from links in e-mail. It’s easy for criminals to send fake e-mails from spoofed e-mail addresses, create fake sites that look like the real thing, and then harvest your information for the black market.

  • Shop only at encrypted sites: Before you enter a credit-card number on a shopping site, check the URL to make sure the site is secure. The site should use a URL that starts with https instead of the more-common http. The s is for secure: if it’s not there, don’t enter your information.

  • Keep your computer safe: According to the Microsoft Security Intelligence Report, the single leading cause of data loss continues to be loss of computer hardware. Laptops and other mobile devices get stolen from cafés, airports, public transportation, and almost any other place travelers are likely to be found. If you travel with a computer, treat it like your wallet — it probably has more in it!

Jan Bultmann writes about Windows and Office security. She spent six years writing and editing for Microsoft’s Security at Home website and now works freelance. She’s on Twitter as EyeOnUptown, where she follows security experts, Nathan Fillion, WikiLeaks, and ioerror.

All Windows Secrets articles posted on 2011-03-03: