Zen and the Art of Internet Security
The first thing to know is the real story on hackers, the programming pirates of the Internet. From the Pentagon to Western Union, hacker stories have rocketed onto the worldwide stage, reported by the evening news, and even translated by Hollywood into blockbuster hits. Hey, no wonder there are so many fears about Internet security out there.
But let me put this into perspective for you. Hackers are generally more motivated by the glory these exploits bring them than the tangible gains of stolen information. Other common hacker profiles include terminated or disgruntled employees trying to get back at an employer and users who lost money or had poor service on a site.
Planes, Trains, and SUVs
Statistically speaking, you are in more physical danger driving along the highways and byways of this great country than you are flying in a commercial airline. But somehow, flying instills a greater sense of fear than driving does. A similar rule applies on the Net.
The average consumer is much more prone to physical breaches of security than those that occur out there in cyberspace. Think of all the times you’ve used your credit card at a store. You trust clerks with your credit card number. Are they honest? Do they properly shred carbons or other pertinent copies of your personal information? Just as a dishonest or careless store clerk is the exception to the rule, hackers are also the exception to the Internet experience.
Here are some practical rules concerning things you can do to protect your personal and business information when working on the Internet:
Passwords are meant to be secret. Do you know the names of your coworkers’ family members? How about their pets? Exactly. There’s a good chance you can guess their passwords, and they can guess yours. Avoid the obvious. And that goes for popular words, too.
Love, secret and God are three of the most popular passwords in the country. Make your password harder to guess. You could pick a word out of the dictionary at random or make up a nonsense word. You might also try combining letters and numbers. Then change your password every few months.
Whatever you do, don’t write your password down under “P” in your Rolodex.
Don’t get “spoofed.” As a user, you need to perform your own due diligence. Double-check the site’s URL, or address, to make sure you typed it in correctly. Many impostor sites (or “spoofs”) are one letter or one digit off. If you regularly find a site by using a search engine, check that the site you selected is where you meant to go.
Websites need only register with a search engine for key words to show up when a search is performed. Spoofers can use the same name as another site, with the only difference being “.net” instead of “.com” at the end of the address. You might want to bookmark your favorite sites so you can find them directly in the future. Be sure to check for authentication certificates on the sites you are visiting from third parties such as GeoTrust or Verisign.
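The spoof check described above can be automated. The following is an added example, not part of the original column: it compares a typed address against a list of bookmarked sites and flags names that are one character off or that differ only in the ending. The bookmark list and sample hostnames are constructed, and the function names are hypothetical.

```python
"""Flag hostnames that resemble, but do not match, a bookmarked site."""

# Constructed sample bookmark list (assumption, not from the article).
BOOKMARKS = {"example.com"}


def split_host(host):
    """Return (name, ending) for a hostname, ignoring case and a leading 'www.'."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, ending = host.rpartition(".")
    return name, ending


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_host(host, bookmarks=BOOKMARKS):
    """Classify host as 'trusted', a lookalike of a bookmark, or 'unknown'."""
    name, ending = split_host(host)
    if f"{name}.{ending}" in bookmarks:
        return "trusted"
    for good in sorted(bookmarks):
        good_name, good_ending = split_host(good)
        # Same name, different ending (".net" instead of ".com").
        if name == good_name and ending != good_ending:
            return f"lookalike of {good} (different ending)"
        # Same ending, name one letter or one digit off.
        if ending == good_ending and edit_distance(name, good_name) == 1:
            return f"lookalike of {good} (one character off)"
    return "unknown"


if __name__ == "__main__":
    for h in ["www.example.com", "example.net", "examp1e.com", "unrelated-site.org"]:
        print(h, "->", check_host(h))
```

An "unknown" result only means the address resembles nothing on the bookmark list; it says nothing about whether the site is legitimate.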
Check your “locks.” All legitimate websites have some basic security to protect customers. After all, they wouldn’t be in business long if they weren’t trustworthy.
The first line of defense in any site is data encryption. This is the process by which information input by the user is translated into code, transmitted to the home server, and decoded. Data encryption is very expensive in terms of processing time, so typically only the most sensitive information, such as a credit card number, is encrypted.
If you are using a site to transact business, you can check to see if the page you are working on is doing all this. Simply look for a symbol of a lock in the lower right-hand corner. When the lock is closed (or “locked”) that page is secure. One caution: Because of the cost of encryption, it is possible that less-sensitive information on adjacent pages will not be secure.
Companies usually try to protect information that is specific to their businesses or information of a personal nature that could embarrass customers. This includes information such as user lists, passwords, site activity, trade secrets, financial information, and medical information.
One way you can be sure you are providing this type of sensitive information only to the company that you wish to contact is to double-check the address listing once you are in the site.
I’ve found in my experience that following some of these very simple steps not only has helped me avoid a few security scrapes, but it brings a lot more confidence and peace of mind to the Internet experience.
Excuse me, while I go change my password.
Hansen is vice president and chief technology officer at BidBuyBuild, Inc. (www.bidbuybuild.com), an Internet marketplace for HVAC suppliers and contractors.