Security Corner - 03/24/2005

Personal Online Security Best Practices

In the last article, I talked about Spyware, Viruses, and Worms. Now let's talk some specifics about how to protect yourself from these online threats.

Protecting yourself online consists of protecting the following three items:

  • Your credit card or other financial data when making online purchases.
  • Your computer and internet bandwidth from being misused.
  • The data on your computer from being misused.

When speaking of online security, most people only think about the first item. Protecting your credit card, or other online payment mechanism, is very important, but the other two threats to you and your computer are just as real and are more common than having problems with online purchases.

Protecting financial data

Threats to your financial data are not limited to bad guys stealing your credit card number during a transaction with a website. Certain kinds of e-mail campaigns (called phishing) are out there trying to convince unwary users to enter their login information into a "spoof" site that looks exactly like the real site that they purport to be. The login information can then be used to get personal data or to clean out accounts from online services.

Phishing campaigns have, so far, tended to be "from" larger banks (Citibank, SunTrust, Washington Mutual, Lloyd's TSB from London) or "from" services like PayPal or eBay. The e-mails have the look and feel of the real websites and will direct the unwary recipient to a website that has that same look and feel. The phishing site will ask for the user's information (name, address, SSN, and password), and will record that information for later use by the perpetrators of the phishing attack.

Notice that the phishing campaigns rely on fooling users by mimicking the look and feel of a website, but that they can't mimic the actual internet address of the real website. Because of that fact, there is a handy tool available as both an Internet Explorer plugin and as an extension to the Firefox browser. It is called the SpoofStick and is available at www.corestreet.com/spoofstick (external link). This site also has some good information about phishing attacks and how to protect yourself from them. I've been using the Firefox extension for some time and have found that it works well, doesn't get in the way of legitimate work, and does provide a good sense of "where you are" on the web.
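The idea behind that kind of tool, as an added example that is not part of the original article and is not SpoofStick's own code: ignore how a link looks and report the site the browser would actually connect to. The function names and sample links are constructed for illustration, and the "last two labels" rule is a simplifying assumption (real tools use the Public Suffix List for suffixes such as .co.uk).

```javascript
// Report the site a link really leads to, regardless of what the link text
// or the page design suggests. Returns null when the link cannot be parsed.
function realSite(link) {
  let host;
  try {
    // The URL parser separates any "user@" prefix from the true host.
    host = new URL(link).hostname.toLowerCase();
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  if (host.endsWith('.')) host = host.slice(0, -1); // drop a trailing root dot
  // Numeric (IPv4) and bracketed (IPv6) hosts have no name to shorten.
  if (/^[0-9.]+$/.test(host) || host.startsWith('[')) return host;
  // Assumption: treat the last two labels as the site name.
  return host.split('.').slice(-2).join('.');
}

// True only when the link's real site is the one the reader expects.
function isOnExpectedSite(link, expectedSite) {
  const site = realSite(link);
  return site !== null && site === expectedSite.toLowerCase();
}

// Constructed sample links: one genuine, three that only look familiar.
const samples = [
  'https://www.paypal.com/signin',
  'http://www.paypal.com@203.0.113.7/signin',       // name before "@" is not the host
  'http://paypal.com.account-update.example/login', // familiar name used as a subdomain
  'http://203.0.113.7/paypal.com/',                 // familiar name only in the path
];
for (const link of samples) {
  console.log(realSite(link), isOnExpectedSite(link, 'paypal.com'), link);
}
```

Only the first sample reports paypal.com; the other three report the numeric address or the unrelated domain that the link would really reach.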

We have our own published guidelines on how we will use e-mail to communicate with customers - especially about what we will ask in an unsolicited e-mail.

Protecting your computer and bandwidth and protecting your data

Steps to take to protect both your data on your computer and your internet bandwidth are essentially the same. Both can be compromised by spyware, viruses, or worms so the steps to take to keep one safe keep the other safe as well.

If you've got a broadband (DSL or cable) internet connection, a brand new unpatched Windows XP machine will survive only about 20 minutes before being compromised by various worms and viruses! (You can read more about that at TechWeb (external link).) Fast computers with lots of bandwidth are valuable to virus and worm authors because they can be turned into vast armies of SPAM zombies (external link).

What can a person do? Even with high-speed internet, it takes some time to patch a PC to current release levels. If you have a Windows XP machine and a copy of SP2 already downloaded, it can still take up to 30 minutes (or more!) to load the service pack alone!

  • Install a firewall - either a software firewall (like Norton Internet Security) or a hardware-based firewall (Linksys makes a nice little DSL/Cable Router for around $50 - about the cost of Norton Internet Security). Firewalls will inspect inbound traffic and will block unsolicited traffic before it even hits your computer to compromise it. Please note: a firewall alone does not protect you from all threats!
  • Install antivirus software and keep it up to date. Norton and McAfee make good antivirus software. Grisoft makes a free-for-personal-use antivirus program (external link) that seems to run as well as Norton and updates easily.
  • Download and run AdAware and SpyBot Search & Destroy (external links) weekly.
  • Keep your machine patched. MS Windows can be updated at windowsupdate.microsoft.com (external link).

Protecting your Identity

As of March 1, 2005, residents of Iowa can obtain a free credit report once per year from www.annualcreditreport.com (external link). Consumers will get this report at no charge and will have the opportunity to review it for accounts on file that are not legitimate. I would encourage everyone to do this annually. It's a fairly straightforward process and can be a good way to monitor your identity and catch problems before they get out of hand.

I hope that this lengthy article was at least somewhat helpful. If you have any questions, please e-mail me at security@tsbbank.com and I'll do my best to answer them.

Aaron Boyken
Technology Officer
Titonka Savings Bank
3/24/2005
