Data Security is a concern to most of us because of the horrific stories we hear about millions of identities being stolen so often. This white paper seeks to explain the risks and the mechanisms available to each of us to make our data sessions on the Internet as secure as reasonably and economically possible.
The first step in the security world is to make a Risk Assessment of your individual situation. The reason to do the assessment is that there may be no risk or a lot of risk depending upon what you are doing and how you are doing it. Investing in security systems to protect against a “no risk” situation is a waste of time and money, and failing to invest to protect a “high risk” environment is foolish.
Most of us store personal identity and financial information on our computers. Some of us do this using encryption to make the information unreadable unless the intruder has our security key or access to a Super Computer. But, alas, most of us simply store the information in “clear text”, meaning that anyone who accesses our computer can see our information.
Now, here’s the key question to ask yourself: If someone were to have access to my information, could they use that information to my detriment and if so, what is my assessment of the cost to me if my information was stolen?
- Most bank debit cards come with Fraud Protection provided by the issuing bank. So, if my debit card number is hacked and my account is drained by the hacker, I have no liability for the loss if I report it within the time limits established by the card issuer. Any funds illicitly removed from my account will be replaced in 24-48 hours by the bank.
- If my credit card number is hacked, I have a small financial liability for fraudulent charges ($50 in my case) if I report the fraudulent charges within the time period specified by my card issuer.
- If my identity is then stolen and fraudulent credit is established and massive fraudulent debits are accumulated under my identity, my credit will be compromised and I will be forced to go through a painful process of proving the fraud, possibly defending lawsuits, and restoring my credit and my reputation.
- If my passwords are stolen, and some of my accounts are hacked, I could lose vital information or beloved pictures.
While each of these situations brings with it differing amounts of inconvenience and life disruption, the actual total potential financial damage long term may not be that great except in the third case, identity theft. Consequently, I will not spend a whole lot of time and money to protect myself.
If, on the other hand, I had the location of 500 one-kilo gold bars stored on my computer, I’d go to great lengths to protect my information because almost nobody would indemnify me for my loss.
Where is the Risk?
So, where is the risk? Is a Russian or Chinese hacker going to spend hours of time to hack into my computer in the hopes of striking it rich? Probably not! Would those same hackers work for weeks or months to hack into Bank of America or Chase’s computers or Target’s POS system in the hopes of stealing 10 million credit card numbers and PINs? You betcha! We know they already did it! So, again, just how vulnerable am I? Answer: Not so vulnerable to most kinds of risks.
How is Security Achieved when Using an Internet Connection?
We usually think that the security of our connection is the method used to establish security. Not so. Why? Because any third-rate thief can pull up to the side of my house or to a cable pedestal along my street and tap my cable connection and capture my data.
Wireless connections provided by Wireless ISPs are almost always encrypted, meaning that wireless connections are often more secure than wired connections.
So, many years ago, the National Security Agency and the DOD came up with the notion of creating an encrypted tunnel between the computer of the user and the computer server at the other end. Visualize it as a secure pipe within the unsecure Internet pipe. Unsecure traffic travels in the clear on the outside of the inner pipe and my secure traffic travels fully encrypted using 128-bit encryption (Military grade) through the inside pipe. This method is called a Secure Sockets Layer or SSL connection and is represented in our web browsers by connections that start with https instead of http and have the image of a padlock (Internet Explorer) on the right side of the URL line (Address Line).
What about WiFi Service?
WiFi is supposed to be available to the public for public access. Thus, the connection between the user’s computer and the wireless WiFi access point has to be open and insecure. But the rest of the wireless links to the Internet backhaul (wired or fiber) are almost always encrypted. The copper and fiber portions are generally not encrypted. And if you go to a site that begins with “https” and you see a padlock icon on the address line of your web browser, then your connection is secure.
So, whenever you are entering credit card, personal identity or other confidential information, make sure that you are using an SSL encrypted connection which you can identify by the https at the front of the URL and the image of a padlock or some other security symbol elsewhere on the browser address line.
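The check described above can be applied to the page itself as well as to the address line. The following is an added example, not part of the original white paper: it scans a page's forms and reports any that would send confidential fields to a destination that is not https. The field-name hints, the function names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field names treated as confidential (an assumption for this example).
SENSITIVE_HINTS = ("card", "cvv", "ssn", "passw")

class FormAudit(HTMLParser):
    """Records each <form> action and whether the form holds a sensitive input."""
    def __init__(self):
        super().__init__()
        self.forms = []        # list of [action, has_sensitive_field]
        self.current = None    # the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = [a.get("action") or "", False]
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "text").lower()
            if kind == "password" or any(h in name for h in SENSITIVE_HINTS):
                self.current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def insecure_submissions(page_url, html):
    """Return the URLs to which sensitive forms would be sent without HTTPS."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for action, sensitive in audit.forms:
        # An empty or relative action resolves against the page's own URL.
        target = urljoin(page_url, action)
        if sensitive and urlparse(target).scheme != "https":
            findings.append(target)
    return findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="/search"><input name="q"></form>
<form action="http://shop.example/pay"><input name="card_number"><input name="cvv"></form>
<form action="/login"><input name="user"><input type="password" name="pw"></form>
"""

if __name__ == "__main__":
    for page in ("https://shop.example/checkout", "http://shop.example/checkout"):
        print(page, "->", insecure_submissions(page, SAMPLE))
```

On the https copy of the sample page only the payment form is flagged, because its action names an http destination explicitly; on the http copy the login form is flagged as well.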