What the LinkedIn breach teaches us about how to safeguard ourselves online
By Cory Flynn, CEO, founder of Firewall Experts, special to Network World
June 14, 2012 — Network World — The mammoth security breach that exposed in the neighborhood of 6.5 million LinkedIn user passwords should be a wake-up call for end users everywhere. We should all practice due diligence and ask the companies we deal with questions about how they handle security.
Here are 10 things you can do to safeguard yourself online:
1. Does the site's logon page have HTTPS in front of its URL? If it doesn't have "https" preceding the URL when you reach the logon page or pages requesting personal information, it is not a good sign. They do not have even the most basic security measures in place and probably don't care. What do you think they will do to protect your data when they don't even care enough to protect their intellectual property (their website)? Probably nada, zippola, nothing. This is a telltale sign that you should walk away no matter how alluring the site claims to be. Just walk away.
2. Read the disclaimer and data sharing policy. Many companies sell your data to "partners," which usually means they are partners with anyone that will buy the data. Many C-level executives only care about bottom-line revenue. They don't think, "Oh, what will happen to my customers' data?" Again, walk far, far away. While the company site you sign up for may be somewhat secure, their "partners" may not care so much. Remember, offers of "free stuff if you just sign up now" are not really free.
3. Ask security-minded questions. Contact the company's customer service line or helpdesk if they have one and ask what kind of security they have in place for accounts and passwords. Ask the company point blank if they encrypt passwords and how. If they say "no," chances are good you do not want to have an account with them. They should be mentioning things like RC4 ciphers and 256-bit AES encryption! If the company is confident in their security, they should tell you they use firewalls, IDS, anti-virus and all kinds of other great tools. Knowledge is power, so search the web for things like "is AES secure." It is incredible what you can find with a simple search like this. But remember, just because customer service says the site is secure doesn't guarantee it is.
4. Look at what kind of data the site is asking for. Sites today want your birth date, Social Security number, address, height and weight, eye color, and this is all for a monthly coupon site that is sending me deals in my local area? This is all very fishy (or should I say phishy). Instinct is a great tool. You wouldn't buy merchandise off a sketchy individual you just met on the street, would you? Then why would you do business with a company that is equally sketchy? Just because the website looks legit doesn't mean the people running it are. Hackers want to blend in. They want you to think that they are legit, so by the time you figure it out it is too late.