How Vulnerable Are You to Identity Theft?
In today’s asymmetric threat environment you must practice situational awareness, follow computer security best practices and use plain common sense. The burden for keeping your confidential information safe and secure rests squarely on your own shoulders. Identity theft truly is easy for a criminal or unscrupulous person and a high reward, low-risk crime. How Innocent Are You?
What level of vulnerability do you have? Read the questions below. If you answer “No” to one or more of the questions it is only a matter of time before your personal digital profile is successfully attacked.
- Do you shred all printed material (unsolicited offers for credit cards, subscriptions, loans, etc.) that contains your name, address and account number written upon them? Identity thieves love to pillage through discarded trash that has been left “whole”.
- Do you employ extra caution when using social media? Sooner or later you’ll be in contact with an illegitimate user and targeted when using social media. You must be careful. Identity thieves love the target rich environment of dating sites, electronic meeting sites and linked in sites.
- Do you and members of your family carefully use mobile media? We have aggressively moved our personal digital profile into a world that is filled with threats. Active threat vectors are arrayed against your mobile computer or communication devices and are constantly probing for vulnerabilities. You will be “targeted”. It’s only a question of whether your security preparedness allows you to deter the attack.
- Do you cautiously use public “hot spots” to access your computer? Public wireless access points are literally a playground for identity thieves. Your information will be stolen if you are without the protection of robust encryption mechanisms.
- Do you routinely obtain and download software updates to your computer? An intruder has already been in your computer if you fail to routinely update your application software, operating system or browser version. Make it a habit to update.
- Do you know what the word “phishing” means? “Phishing is another word for scam. Be alert. Sometimes these communications can appear to be real (i.e. from your bank or credit card company). Be suspicious of any contact that asks for confidential information. Contact the organization by telephone if you have any concerns.
- Do you have Internet security software installed on your computer? You must have an up-to-date Internet security software installed and operating on your computer; otherwise, you are being negligent.
- Do you actively practice threat and vulnerability analyses? Consider the threats around you and take steps to determine how you might be vulnerable.
- Are your home and personal items secure? Make sure that you have your valuables and confidential information locked in a safety deposit box, home safe or otherwise protected.
- Have you educated your spouse and children as to the threats against you and your family? The most innocent are frequently targeted. Predatory identity thieves want information that they can use about your spouse, children and the elderly. That is both intolerable and very dangerous.
- Do you encrypt sensitive files? Using strong encryption on your critical files will increase the difficulty of a cracker or hacker gaining access to your information.
- Do you share files downloaded from the Internet with others? Simply don’t. Malicious people have countless ways to invade and steal from your computer. Avoid “opening the door” for them.
- Do you use strong passwords and backup your critical information? You must. Weak passwords can be defeated. Electronic or mechanical failures will occur. The only question is when.
- Have you changed the password to your wireless router from that which was provided by the equipment manufacturer?
Identity thieves hope your password to your network is exactly as it was when it came out of the box.
Dr. William G. Perry is the founder of Paladin Information Assurance ([http://www.paladin-information-assurance.com]) and its chief information security analyst. Paladin’s mission is to help organizations discover information security risks and to deploy mitigations. Its core belief is that the protection of digital processing infrastructure is a matter of national security and must be treated as a key business process.