Privacy in the Internet Age: Dogs, Phish and Wolves

Information Security Officer, OARnet and OH-TECH
Tuesday, January 28, 2014 - 4:00pm (updated Wednesday, August 2, 2017 - 1:39pm)
Ed.—This article was written in conjunction with Data Privacy Day, held Jan. 28 of each year. Powered by the National Cyber Security Alliance, DPD seeks to empower and educate people to protect their privacy and control their digital footprint.

In the early years of the Internet, there was a cartoon that depicted a dog sitting at a computer. The caption read, “On the Internet, no one knows you’re a dog.” Today, that caption might instead read, “On the Internet, not only do we know you’re a dog, but we know your breed, your pawprint and your preferred dog food.” As the Internet has grown, it’s become harder to protect our personal information from prying eyes.

The rise of social networking, targeted advertising, electronic banking, online health care and even Internet espionage has led to a fundamental transformation in how we think about our “private” information. The daily news carries stories about credit card numbers stolen by the millions, about leaked government secrets, even about computers hacked and held for ransom. But our use of the Internet for shopping, entertainment and public services is increasing. The more of our private information we put online, the greater is our fear that our information – our identity – could be stolen.

Personal data is valuable to businesses and criminals alike. Businesses use our data to make shopping easier. Governments use our data to provide essential services. Social networks use our data to connect us to friends, family and colleagues. But criminals use our data for their own gain – stealing from our financial accounts, impersonating us to obtain credit or government benefits, even turning our computers into bots: zombie computers that are then used to launch attacks across the Internet.

The methods that criminals use continually evolve. One particularly successful attack technique is known as phishing. A typical phishing attack will start with an email that appears to be from a trusted party, like your bank or your school. The email may carry some vague but important-seeming message, and instruct you to click a link for further information. The link will take you to an official-looking web site, which then asks you to provide your password or other personal information. Unfortunately, this site is actually a fake – designed to trick you into providing your password to a criminal third party who set up the false web site. The criminal now has your password and, in turn, your data or your finances: you’ve become the victim of a phishing attack.

Happily, the “good guys” keep improving their defenses as well. Passwords are a prime target for criminals. We all know how confusing and difficult it can be to keep track of passwords across multiple sites. Two technologies that can help protect our passwords are federated identity and multifactor authentication. Federated identity (FID) systems reduce the number of passwords we need to keep, reducing the likelihood our passwords will be stolen. Two notable examples of FID are OpenID, in growing use by social networking, and InCommon, used in the higher education community. Multifactor authentication (MFA) is a way of strengthening logins by using a smart card, an SMS message or a fingerprint swipe in addition to a password. Many banks and government institutions are moving to this kind of login, which is more secure than a password alone.

There are some simple things we can all do to help protect our private data:

  • Think before you click. Ask yourself: is this email legitimate? Should I really visit this web site? Sometimes minor details like spelling errors or strange phrasing can be a clue to a phishing attack.
  • Trust and verify. Don’t provide account numbers, personal data or social security numbers to anyone, unless you can positively verify that the request is valid and the party is completely trusted.  
  • Strengthen your passwords. Make your passwords as long as possible and change them often. Ask your bank or school if they support the use of multifactor authentication or federated identity.

Finally, if you yourself are an employee of a business or a government organization that deals with private data, remember that you also have a fundamental role in helping protect the rest of the community. The Internet has transformed the way that we live and do business in many positive ways; but it’s also made it possible for criminals to rob us without ever setting foot in our homes or banks. That dog on the Internet might turn out to be a wolf at our door.