I came across this article (see link below) not too long ago and it really got me thinking about not only the places where I put my information on the Internet, but the reasons I put my information out there. Most sites we put our information seem really innocuous and quasi-safe because we don’t think the site is very interesting to anyone but ourselves and a hand full of others with similar interests. It seems like it almost becomes a “second nature” activity to just blindly assume that Internet sites that don’t ask for your credit card are okay cause well, it’s just my name, and maybe my phone number and/or address.
When it comes to using ecommerce sites we all expect a certain level of security to protect our financial data. When it comes to non-ecommerce sites, it seems like there’s less thought given about the ramifications of what happens when you provide your personal information. For example, job posting sites on the surface seem pretty benign, but when you consider things like posting for jobs overseas and perhaps having to supply passport information, now things are getting a bit more serious. This type of data is being passed from posting site to various companies and recruiters seeking to look at the data and supply data to job applications. Recruiters are pulling information from these sites and using these for prospecting purposes.
I often talk to customers about the need to take a serious look at their upstream and downstream suppliers, vendors, partners, affiliates, etc. to make sure these organizations are secure and protecting their information effectively. It occurs to me that we as individuals really need to consider a similar approach for any site we provide information to. Here are some ideas to consider when posting information to any site on the Internet:
- Take an inventory of all the sites that you’ve posted your credit card to. You may be surprised at not only how many, but who you’ve given your card to.
- Review your bank statements and credit card statements and look for anomalous billings and/or charges. I once discovered that a billing service continued to charge my card even after I canceled the service.
- Consider what the site is going to do with your information. Will they be keeping it or sending it off to someone else or will others have access because of the service. Take a long look at the privacy statement and terms and conditions for the site. (Yes I know we don’t have the time to do this, but at least consider this when giving a lot of your personal information to a web site)
- When clicking on emails or links received, just consider what information you’re providing and why. Taking a second look at what you’re about to do at the last minute could save a lot of problems later.
- Scrutinize email you receive. Make sure you’ve got a good Anti-Spam/Anti-Malware program like Norton Internet Security. This will help clean out the SPAM. Other than that, we all get offer emails of sorts sent to us that result from having given information to one provider only to discover they’ve sold the list to another and now you’re receiving more offer emails.
The upshot is that Attackers and Thieves are getting more creative than we ever imagined before. If you ever thought one day this would stop or slow down, think again! This is not going to stop! Attackers and Thieves have more time to devise these new creative schemes than we have to dream them up. They’re also not bound by silly things like laws or law enforcement. In the world of the Internet it behooves us to think twice before placing our personal data on a web site.