Monday, June 7, 2010

The security of your personal information online

Here are some tips for being sensibly paranoid in this age of viruses, phishing, scams, employer surveillance, the PATRIOT Act, and companies selling your data for a buck. You don't have to lock yourself down, but if it makes you feel safer, here's how to do it.

At work
  • Unless you are at your home computer, assume that your browsing is being monitored. Your employer has the right to monitor your work computer and e-mail account. Its contents may be subject to search warrant or subpoena in any legal action involving your employer. And businesses use archiving and discovery software that means they can still access what you've deleted.
  • Do not visit any sites or download anything that could get you in trouble (even if you think you can hide your tracks.)
  • Do not send or receive any e-mails containing personal information from your work account.
  • DO tell your friends and family not to use your work e-mail address or voicemail.
  • Do not use the same password for everything.
  • Do not use real words or names in your passwords, and don't use your birthday, your spouse's birthday, the last four digits of your social security number, or your anniversary as a PIN.
  • Do not give real answers to secret questions like "What street did you grow up on?" or "What is your pet's name?" That information is too easy for someone to find out. Instead, make up false answers that you'll be able to remember.
  • Do not keep passwords in your wallet or desk drawer.
  • DO use a trustworthy service like, or a password card.
Social Networking
  • Do not post any information, messages, or pictures you wouldn't want your spouse, parents, and current and future employers to know about. The privacy controls and terms of service change so often that what's secret today might not be secret later on. Not to mention, there are frequent bugs and leaks.
  • DO follow the advice in 10 Privacy Settings Every Facebook User Should Know.
Shopping and browsing
  • Do not click links in ads for weight loss products, dating sites, "business opportunities," credit repair, home loans or refinancing, student loans, or sexual health products.
  • Do not sign up for discount programs that lock you into subscriptions, or offer limited time free trials after which they deduct a monthly payment from your credit card. They are a rip-off, and also notorious for selling your personal information.
  • DO use PayPal or Google Checkout to pay for purchases whenever possible. These are trustworthy companies, and using them keeps other online merchants from having your credit card info.
  • Do not respond to, open attachments, or click links in e-mails or instant messages unless they come from someone you have already corresponded with. (Even then, if it seems out of character for them, they may have been hacked.)
  • Do not respond to or click links in e-mails that claim to be from your bank or credit card company. Ironically, these phishing messages prey on your fears of being a victim of identity theft. If you are concerned call your bank or credit card company, using the number on the back of your card.
  • DO use a separate e-mail address (a free webmail account is good) for websites that require that you sign up with one.

Empire State College Library Research Blog
Questions? Ask a Librarian

No comments: