Staying Safe Online: Important Reminders

With all the well-publicized data theft incidents in the news lately, one might think that people would be more vigilant than ever about exposing sensitive personal data on the internet. And yet, even a cursory survey of day-to-day online communications practices reveals that businesses and individuals continue to regularly send and receive sensitive information in ways that expose it to hackers and identity theft merchants.

Here are some examples: Medical offices continue to use email for communication with patients, many of whom may include confidential health information in their responses. Companies routinely send credit card forms and signature details via email. Many individuals still think nothing of sending and receiving emails with attachments that may contain Social Security numbers, birth dates, driving records, and other data frequently targeted by identity thieves. Many of us believe that as long as the email is going to a person or entity we trust, everything is fine.

But nothing could be farther from the truth. First, emails are stored on your computer and on that of your recipient. If either hard drive is hacked, your emails are available for review by the hacker. Remember, not every hard drive is protected by firewalls or up-to-date privacy software. If there is a weak point anywhere in the communication network, hackers know how to find and exploit it.

Additionally, the servers that are used to route and store your email are subject to security breaches. Your internet service provider (ISP), whether it is a well-known company like Google, or one of the smaller, regional providers, is constantly under threat of penetration by sophisticated automated programs—sometimes referred to as “bots”—that prowl the web ceaselessly, looking for vulnerabilities that can be exploited for profit.

What can you do? First of all, it’s important to remember that email, while probably indispensable to most of us, is not the appropriate way to send any type of sensitive information. A quick rule of thumb might be to avoid sending anything in an email or an attachment that you wouldn’t offer freely to a complete stranger: Social Security numbers, driver’s license numbers, birth dates, health and medical information, children’s names and ages, and banking or other financial account numbers are just a few of the pieces of sensitive personal information that you should avoid putting into either an email or an attachment.

Second, you should consider using secure or encrypted methods in those instances where you must transmit sensitive data. DropBox, FileCloud, Box, or other secure file-sharing sites allow you to control who has access to the information you store there. You could use a program like Infocrypt or SafeGmail to encrypt your email messages, which means that only the sender and the receiver have the keys to decode the emails; to a third party without the key—a hacker, for example—the messages are unintelligible.

All this may sound very complicated and time-consuming. But consider how much time is required to repair the damage caused by identity theft. Is it really worth it, for the sake of convenience, to risk exposing data that could cost you weeks, if not months, of remediation efforts and possibly thousands of dollars?

It is certain that online communication is a daily fact of life. But we shouldn’t allow the familiarity of routine to dull us to the need to be vigilant.