Editorial: Be vigilant with online identity
Internet shopping, banking and online bill paying have made our often-complicated lives easier in many respects. In other ways, they've only compounded the headaches of daily life.
Tuesday's announcement that Russian computer hackers had swiped 1.2 billion sets of user names and passwords, and hundreds of thousands of email addresses, once again raises the issue of lax Internet security and the failings of some older protection systems.
"For all the new security mousetraps, data security breaches have only gotten larger, more frequent and more costly," The New York Times reported. "The average total cost of a data breach to a company increased 15 percent this year from last year, to $3.5 million per breach, from $3.1 million, according to a joint study last May, published by the Ponemon Institute, an independent research group, and IBM."
Everyone remembers the infamous Target data breach of last winter. In that case, which involved credit card numbers and customer PINs, 40 million customers were affected.
With 1.2 billion sets of user names and passwords collected in the latest breach, there could be even bigger implications.
"While a credit card can be easily canceled, personal credentials like an email address, Social Security number or password can be used for identity theft," the Times reported. "Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks and brokerage firms.
The United States Computer Emergency Readiness Team, a branch of the Department of Homeland Security's National Cybersecurity and Communications Integration Center offers several tips to help avoid online identity theft.
- Do business with reputable companies: Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate.
- Take advantage of security features: Passwords and other security features add layers of protection if used appropriately.
- Check privacy policies: Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies.
- Be careful what information you publicize: Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.
- Use and maintain anti-virus software and a firewall: Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall.
- Be aware of your account activity: Pay attention to your statements, and check your credit report yearly.
If you believe one of your passwords could have been breached in this latest hack effort, change it. Even if you think you are immune to this latest mishap, change your passwords anyway — many experts recommend new passwords every few weeks.
Follow these guidelines for new passwords: 1) Don't use passwords that are based on personal information that can be easily accessed or guessed. 2) Don't use words that can be found in any dictionary of any language. 3) Develop a mnemonic for remembering complex passwords. 4) Use both lowercase and capital letters. 5) Use a combination of letters, numbers, and special characters. 6) Use passphrases when you can. 7) Use different passwords on different systems.