Online Security is a major issue for most individuals and organisations. Every day there are stories in the media of hacking exploits leading to the theft of financial and corporate data and at a personal level of fake websites stealing personal details. No wonder Online Security has become a major player in the minds of most users.
The big question is how to minimise the amount of personal data that is collected about you as you go about your business and pleasure on the Internet.
First, what are the simple things to do to minimise the threat of ID theft?
The first and most obvious safeguard for the individual and indeed the corporate user is to install a strong anti-malware package on the desktop, one that can identify dodgy websites and stop the user connecting to them. The Windows 10 Edge browser for example includes this feature.
Stop Tracking of your Internet Activity
The second is to set up your systems environment to reject attempts to secure information about you and your Internet activities. This usually involves rejecting attempts to place cookies onto the PC. There are many tutorials available from Microsoft and other competent authorities.
Be Educated and Aware
The third and most effective way is to be aware of situations in which your information could be stolen and how to avoid them. This is ongoing education which must be refreshed from time to time.
Second, what are the common ways in which data is collected:
Phishing is a mass attempt to direct unsuspecting users to fake websites. This is usually achieved by sending them an email that looks like it comes from a trusted source, usually a financial institution or friend. The email contains a web link that takes the user to the hacker’s website. The website mimics a real website, perhaps the sign-on page for online banking. When the user tries to log-on, their credentials are recorded.
A variant that supports ID theft is that the seemingly safe website downloads malware onto the user’s PC. This malware does two things, it records the users keyboard strokes and secondly scans the PC for user id information., both of which it sends back to the hacker.
The only way for an individual to prevent phishing attacks is first, to never click on an embedded link in an email, and secondly invest in a strong anti-malware software application.
Spear phishing is similar in that instead of sending the email to a mailing list of hundreds of thousands, a much smaller mailing list relevant to the targeted corporate organisation or individual is used.
Have you ever searched for yourself using a search engine? If you haven’t, do it and you will be very surprised about the amount and location of the information you will see has been collected about you and your internet activities.
A lot of this comes about because of advertising. Marketeers are very keen to know what your interests are so that they can provide targeted ads related to your areas of interest. Google do this all the time, recording your search areas and positioning focussed adverts on their first page. They also provide software applications and plugins to do the same thing on third party sites. It is a major revenue earner for them. There are also tracking cookies that websites install on your PC when you visit them.
The way around this, don’t use Google and set up your browser to reject installation of cookies. There are also software applications like SpyBot that will clear them from your system. Use a search engine that does not record your searches, for example Firefox.
A second way is that you are asked to provide an email address to see website content. This is usually so that the website operators can build up an email mailing list to contact all their subscribers. The mailing list can be sold or stolen. You start to receive spam emails from people you don’t know trying to sell you stuff in which you have no interest.
The simplest way around this is not subscribing to any emailing lists. That may not be convenient. but one way to limit the amount of spam email you receive is to create a free email address, for example from Google Mail, that you use in cases like this. Completely ignore this mailbox, and only look at it once in a while to ensure that no legitimate emails have strayed into it and to clear all the email out to keep it operational. You may also be able to set up a mail processing rule that permanently deletes all incoming mail.
It is impossible, well almost, to use the Internet without leaving footprints. The secret is to be aware, be careful, and never click on embedded email links.