CLLB Information Security Newsletter. Volume 1 Issue 5.

Volume 1 Issue 5
Personal Privacy – How to Protect Your Information

From the Desk of David Badertscher
As we continue to conduct more business online, such as banking, shopping and other activities, our personal information (such as name, credit card account, address, etc) is increasingly utilized. Personal information has become a frequent target for data thieves and the volume of breaches involving personal information continues to grow. According to the Privacy Rights Clearinghouse, there have been more than 240 million records containing sensitive personal information involved in security breaches to-date nationally.

What Personal Information is Collected?

Many types of organizations are interested in obtaining and using your personal information, and it’s important to know what information is being collected, by whom and how it will be used.

Websites track web users as they navigate cyberspace. Data may be collected about you as a result of many of your routine activities including:

· When you make purchases and pay bills with credit cards, you leave a data trail consisting of purchase amount, purchase type, date, and time.

· When you pay by check, data such as phone number, home address, driver’s license number, etc. may often be requested to verify your identity.

· When you use supermarket discount cards, the store is able to create a comprehensive database of everything you have purchased.

· When you surf the web, you leave a significant data trail such as your name, email address, Internet address of your computer, the name of your computer, the last time you visited that particular site, the type of browser and operating system you are using.

· When you sign up for a subscription or service (for a magazine, book or music club, professional association, warranty card, etc.) or give money to charities your personal information is often collected and stored.

Protecting Your Personal Information
The following tips should be used to help you manage your personal information wisely, to help minimize its misuse, and to lessen the risk of your personal information being compromised:

· Most legitimate websites include a privacy statement. This is usually a link at the bottom of the home page and details the type of personally identifiable information the site collects about its visitors, how the information is used-including with whom it may be shared- and how users can control the information that is gathered. Be sure to read the privacy statement on websites you are visiting prior to providing any personal information, to understand that entity’s policy regarding protection of data.

· When shopping online, guard the security of your transactions by ensuring the transaction is submitted securely. When submitting your purchase information, look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmission.

· Periodically check your Internet browser settings (e.g. Security and Privacy) to ensure that the settings are adequate for your level and type of Internet activity.

· If you are not already using anti-spyware or adware protection software, start now. This software is designed to protect against spyware or malware designed to extract private information from your computer without your knowledge. Make sure you keep the anti-spyware or adware protection programs updated.

· Be sure to have a firewall installed and enabled on your computer.

· If you store private data on your laptop or other portable electronic devices (e.g. USB), use encryption software to protect your private data in the event the device is lost or stolen.

· Use strong passwords on all your accounts, such as a minimum of eight characters and a mix of special symbols, letters and numbers.

· To protect against identity theft, always question someone who is asking you to reveal any personably identifiable information. Find out how it will be used and whether it will be shared with others.

· Keep items with personal information in a safe place. When you discard receipts, copies of credit applications, insurance forms, health records, bank statements, or other personal documents, tear or shred them.

· Order a copy of your free annual credit report. Make sure it’s accurate and includes only those activities you’ve authorized.

References
To learn more about protecting your privacy, you may wish to visit the following sites:

· Identity Theft: www.ftc.gov/bcp/menus/consumer/data/idt.shtm
· Consumer Action: www.consumer-action.org

· Electronic Privacy Information Center: www.epic.org
· Privacy Rights Clearinghouse: www.privacyrights.org

· World Privacy Forum: www.worldprivacyforum.org

· Free Annual Credit Report: www.annualcreditreport.com
· US-CERT Tips for Strong Passwords: www.uscert.gov/cas/tips/ST04-002.html

News from SC Magazine Newswire
September 30, 2008.

Study: Few internet users exercise caution Angela Moscaritolo September 25, 2008 In a recent study, researchers found that most users are susceptible to tricks that could potentially open them up to attacks by malicious software.

Group tells FTC more RFID security guidance is needed Angela Moscaritolo September 24, 2008 The Federal Trade Commission should tighten regulations around the use of RFID, urged an industry group.

No charges in Palin hacker investigation Dan Kaplan September 24, 2008 A federal grand jury has failed to return an indictment against the University of Tennessee student accused of hacking into vice-presidential candidate Sarah Palin’s webmail account.

The information provided in these Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture.

Organizations have permission–and in fact are encouraged–to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Brought to you by:

http://www.msisac.org

——————————————————————————–

This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system.

Contact Information