Best practices for online shopping, Part 2

Security Strategies This newsletter is sponsored by CREDANT Technologies, Inc. Survey Says: iPods a Growing Threat in Workplace 323 IT professionals reveal usage rates, potential impacts of portable data storage devices--iPods, MP3 players, USB flash drives, and data-centric smart phones at work. Surprisingly, organizations see rapid growth in usage, but few have a solution to prevent widespread data loss. Network World's Security Strategies Newsletter, 08/16/07 Best practices for online shopping, Part 2 By M. E. Kabay In this issue, we continue former graduate student Steven Zeligman's tips and practical suggestions for improving the security of shopping online. * * * 4. Safeguard your own personal information and records Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Do not send payment information via e-mail. Unencrypted e-mail is not a secure method of communication. All information transmitted via e-mail is at risk of interception by bad people. Any trustworthy online merchant uses encryption technologies to protect private information during a transaction on their Web site. Keep records of all transactions, much as you keep paper receipts for physical “brick and mortar” purchases. An easy way to do that if you have full Acrobat is to print to an Acrobat file from your browser; alternatively, you can use the print function of your browser and send to a suitable printer or even take a screenshot and save the image file on disk. [MK adds: I keep records in folders labeled by vendor in a folder called “My Received Files.” I have a folder for software licenses, for example, one for DVDs, one for CDs and so on.] Other methods of safeguarding e-commerce information include: * Always conduct online transactions using a Web browser that has all current security patches and uses at least 128-bit encryption. * Always use strong passwords that contain a combination of uppercase letters, lowercase letters, and special characters for e-commerce accounts. * Never use obvious passwords such as family names, birthdays, pets’ names, etc. for e-commerce accounts. * Always use passwords that contain six or more characters. * Never share user names or passwords with anyone else. * Never use the “one-click shopping” that stores credit-card information accessible through an online account password. * Never perform online transactions on public computers. * If you have an unsecured home computer, do not allow your browser to store user IDs and passwords for the online-shopping sites you use. For more information on browser security and Web sites, see the following U.S. Computer Emergency Readiness Team (US-CERT) Cyber Security Tips: * ST04-022 “Understanding Your Computer: Web Browsers” * ST05-001 “Evaluating Your Web Browser's Security Settings” * ST04-012 “Browsing Safely: Understanding Active Content and Cookies” * ST05-010 “Understanding Web Site Certificates” 5. Review the Online Merchant’s Privacy Statement Sometimes online merchants call their privacy statements “Terms of Use,” "Terms and Conditions,” “Privacy Statement,” or similar titles. A trustworthy online merchant will always post details regarding the use of consumers’ personal and financial information on their Web site. Consumers should read this policy carefully to ensure that their private information won’t be sold to third parties. Consumers should also be prudent about what personal and financial information they reveal to conduct an online transaction. It is usually necessary to provide a credit-card number. However, it should never be required to provide bank-account numbers or Social Security Numbers to conduct online shopping transactions. There are many reliable online merchants; if you don’t like a merchant’s policies, choose a different one. * Summary * With a few precautions, you can usually take advantage of online shopping conveniences without significant risk. The essential point is that you have to think before you shop - but that’s true in all situations. * * * Steven Zeligman, MSIA, MCP, CISSP, is the Network Security Manager at Dataline, Inc., and has more than 15 years of experience in information technology and security. His opinions are entirely his own and do not constitute the opinions of his employer. You are welcome to write to him with comments on this article.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Verizon vs. the Needham Fire Department 2. Microsoft's super bundle of security patches 3. 10 claims that scare security pros 4. Citrix acquires XenSource in a $500M deal 5. Nude publisher Perfect 10 sues Microsoft 6. Cool chips promise more powerful computers 7. Facebook users easy identity theft targets 8. SCO claim to Unix dead in the water 9. VMware IPO flies out of the gate 10. Rove quits to spend more time with iPhone MOST-READ REVIEW: WAN acceleration offers huge payoff

Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by CREDANT Technologies, Inc. Survey Says: iPods a Growing Threat in Workplace 323 IT professionals reveal usage rates, potential impacts of portable data storage devices--iPods, MP3 players, USB flash drives, and data-centric smart phones at work. Surprisingly, organizations see rapid growth in usage, but few have a solution to prevent widespread data loss. ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007