SOME TIPS FOR MORE SECURE PERSONAL DATA
The first reason an average individual should be concerned about his
personal data's security is its confidentiality. Your Memo-to-Self may
not contain anything remotely related to national security, but it is your
own memo and no other person has the right to read it without your
permission.
The security of your credit card number (*) over the internet and in third-party
databases is the concern of those in charge of the data, and the individual
should only make sure that no shadowy people get hold of it. But you are the
only one in charge of your own computer's contents, your own files.
Following are a few guidelines to help you ensure that the confidentiality of
your sensitive data is not tampered with.
- An absolutely secure computer is one that is powered off and hidden in a
vault! Computer security is as good as the user's understanding about data
security and his/her conceptualisation about what data security means to
his/her particular case.
- Always know where your files are: don't leave copies of your files
all over the computer. Take the time to learn the particularities of each
program you use as far as file locations are concerned. Certain packages, like
MS Office, allow you to set default directories for various file types. Have a
clear design in mind as to where your files are to be before starting to
create them. Such an organisation will help you avoid forgetting sensitive
files in places where other eyes can see them and be tempted to read them.
- If using a computer temporarily, place your files where you can see them
and be reminded of their existence before you hand back the computer to
another user. A good place is simply the desktop. In case of too many files,
create a new folder on the desktop and save your files in it. Don't use an
already existing folder, as it may not be empty and would create some
confusion later on as to which file to delete after your work is done. Use
specialized software (such as Compunigma ZAP) to effectively erase your data.
- When working on extremely confidential files, make sure that the
computer you are using is disconnected from any network that it may use during
normal operations. Ask your systems manager to show you how. In case of doubt,
don't hesitate to physically unplug any network or telephone wires from the
computer. You never know when someone may hack into your system. If you really
think your files' confidentiality is worth the price, invest in some Tempest
quality hardware (it will not be cheap!). Also make sure that no background
spyware-type programs are running on your computer. These are specially
designed applications for transmitting data gathered on your computer to a
third party. They usually come bundled with "free" software: Alexa,
Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor,
Comet Cursor, Doubleclick, DSSAgent, EverAd, eZula/KaZaa Toptext,
Flashpoint/Flashtrack, Flyswat, Gator / Claria, GoHip, Hotbar, ISTbar, Lop,
NewDotNet, Realplayer, SaveNow, Songspy, Xupiter, Web3000, WebHancer, etc. are
just a few of the long list of active spyware. Also, avoid using any instant
messenger software on the computer that is to deal with sensitive data.
- Before leaving the computer, exit all running programs and run a search
for all temporary files (*.tmp) on the computer. One of those files
could contain parts or all of your sensitive data. Mark their locations and
delete them. Do not trust the Windows Disk Cleanup utility for this task. Make
sure that any folder on your computer that is named Temp or Tmp (there may be
more than one on a computer) is thoroughly empty. Do not be afraid to delete
any files and folders contained in the Temp folders, as they are supposed to
be temporary files and if they exist, it means that the software that
generated them has not cleaned up after itself as any well-behaved application
should do.
- Always reboot the machine after you've finished working to erase
any trace of your work from memory.
- Some versions of MS Windows (like 2000 or XP) offer the option of clearing
the virtual memory pagefile on shutdown, which should be turned on (it's off
by default). It makes the machine's shut-down process somewhat longer, but it's
an additional security feature that should not be neglected, as the said
pagefile can contain many shards of information that a curious eye can read
using a few rather simple techniques.
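The temporary-file check described in the list above (search for *.tmp files
and confirm that every folder named Temp or Tmp is empty), as an added example
that is not part of the original article. It is written in Python, only reports
and never deletes, and the function names and the sample folder layout are
assumptions constructed for illustration:

```python
import os
import tempfile
from pathlib import Path

TEMP_DIR_NAMES = {"temp", "tmp"}  # folder names the article says must be empty


def audit_temp_residue(root):
    """Report leftover temporary data under `root` without deleting anything.

    Returns a dict with:
      tmp_files      - files whose name ends in .tmp (any letter case)
      nonempty_temps - folders named Temp/Tmp that still hold something
      unreadable     - folders that could not be listed (unchecked, not clean)
    """
    report = {"tmp_files": [], "nonempty_temps": [], "unreadable": []}

    def on_error(err):
        report["unreadable"].append(Path(err.filename))

    # os.walk does not follow symbolic links unless asked to.
    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error):
        here = Path(dirpath)
        if here.name.lower() in TEMP_DIR_NAMES and (dirnames or filenames):
            report["nonempty_temps"].append(here)
        for name in filenames:
            if name.lower().endswith(".tmp"):
                report["tmp_files"].append(here / name)
    for key in report:
        report[key].sort()
    return report


def build_sample_tree(base):
    """Constructed sample layout (not from the article) used to try the audit."""
    base = Path(base)
    (base / "Documents").mkdir()
    (base / "Documents" / "memo.doc").write_text("kept")
    (base / "Documents" / "~WRL0001.TMP").write_text("editor scratch copy")
    (base / "Temp" / "setup").mkdir(parents=True)
    (base / "Temp" / "setup" / "cache.dat").write_text("installer leftovers")
    (base / "App" / "tmp").mkdir(parents=True)  # empty: should not be reported
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for kind, paths in audit_temp_residue(build_sample_tree(d)).items():
            print(kind, [str(p.relative_to(d)) for p in paths])
```

Folders listed under "unreadable" were not inspected at all, so they still need
a manual look before the machine is handed back.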
A note about the safety of e-commerce
The proliferation of e-business over the internet has raised many concerns
about the transactional security of the entire e-commerce process. Much
emphasis has been put upon the security of electronic communications,
especially when dealing with monetary transactions, and various schemes have
been devised to secure the transactions, but it may all be unsubstantiated hype
in the case of credit card transactions.
Credit card transactions over the internet have one major flaw that has
nothing to do with the security of the transmission channels: they are
anonymous.
In regular CC transactions, the customer actually signs the receipt. There is
no such measure over the internet. All you are asked for is a card number, a
name (as it appears on the card) and an expiry date, which is also on the card.
No PIN number, no codeword, no signature of any kind. The information asked for
can well be entered by anyone who has a face copy of your card. What is worse,
you have no means of proving that it was not you who was behind the keyboard,
no proof in the form of a signature. It is too easy for many people to get hold
of your credit card number without going through the hassle of hacking or
spoofing or phishing. When you hand out your credit card for a transaction at a
store, where you also sign a document, can you be certain that the cute
minimum-wage earning clerk does not make a copy of the card's face markings and
give it out to the boyfriend? ... Such copies are known to have a street value
of $10-30 ...