Digital Fingerprints – who knows where you have been?

By Greg Day, Security Analyst, McAfee International Ltd

The Internet has changed the way we live: in our personal lives, we can communicate with friends and family - both near and far - and know that our message will reach them at the touch of a button. Similarly, we no longer have to spend precious lunch breaks or Saturday mornings queuing at the bank as we can do everything we need to on our computers. At work, we talk to customers, partners, suppliers and colleagues electronically, we manage budgets, expenses and any number of things online and we embrace any new, electronic, time saving tool that comes our way.

It’s clear that these days, nearly all of us are using the Internet for a wide range of tasks, not to mention for fun. Many of us have had our lives revolutionised: working has become more of a process and certainly more flexible, information can be sent, received, stored and retrieved efficiently and we are able to free up personal time by banking, shopping and communicating at the touch of a button? This is fantastic and truly demonstrative of what makes the human race an ever-evolving species. Our ability to grasp and make use of new technologies has been visible over the last 20 years, as we’ve fallen in love (most of the time!) with computers, taken our phone calls mobile, got connected to the Internet and embraced Web 2.0 and social networking. Yet with the advantages that all these technologies bring, they also have an impact on when and where we are visible and the availability of intricate details of our lives.

We know that in day-to-day life, we leave fingerprints wherever we go and on whatever we touch. What we may not know is that when we enter information online, what we do is create a digital fingerprint, the tracks of which are left all over the Internet as our use of online services grows. These fingerprints won’t always be tracked, but there is certainly the potential for this to happen and it’s vital that this risk is not overlooked. It’s a terrifying fact but the worst case scenario is that this information gets into the wrong hands, and can then be used to build a profile of us and even to fake our identities, to access our finances or defraud others.

This all makes the Internet sound like a terrifying place but that really doesn’t need to be the case. What this means is that we do need to think twice before completing web forms of entering sensitive information in any online systems or in unusual places. Examples of the kinds of information that should be shared with some considerable caution are full dates of birth, places of birth, mothers’ maiden names and full addresses, not to mention bank details and passwords. The thing to remember is that just because there is a space for information on the website doesn’t mean that it has to be provided. As a rule, only enter the information deemed obligatory – an asterisk usually denotes this – the rest could give away vital clues to your passwords or make available enough information for the malicious minded Internet fiend to create an account using your identity. You should similarly take care when given the opportunity to write about yourself and in such cases, a good rule is to only give information that you would be happy to give a stranger in the street. Similarly, be suspicious if you receive an email or phone call asking for such information – your bank will never ask you for your account number or passwords by email and if you do receive such a phone call, use the bank’s public phone number to call them back and be sure that the request is legitimate.

One thing that is important to be aware of is that unlike any medium that has gone before it, once information is on the Internet, it’s pretty much there forever as content is far more difficult to remove than it is in the first place. Even if information is not sensitive from the perspective of helping to build up information on you that could be used for fraudulent reasons, it may be something that is OK now but which you may not want viewed in later years when you’re at a different stage of your life: you may be a student now, but it won’t be long until you may be looking for a job in an organisation that will use the Internet to see what can be found out about you. Similarly, if you’re single now, don’t post something that you may not want a future partner to be able to see. These are extreme examples but highlight the fact that something you post today will be visible from this day onwards, and you may not always want that to be the case.

It’s also worth remembering who else holds our personal information: a number of recent, high-profile stories of lost data have caused something of a stir in the media, resulting in increased awareness that we are not always the ones in control of our valuable personal information. While it would be difficult to simply refuse to provide any information requested and still have bank accounts, mortgages, store credit, receive benefits and generally continue to function, it’s important to know who has our details so at least if an incident occurs, we know how best to respond based on whether we are likely to have been affected.

The bottom line when it comes to sharing information is that less is always best. If someone knocked on your door in the middle of the night and asked for your mother’s maiden name or the name of the town where you were born, you’d slam the door in their face and go back to bed, and that really is the approach that also needs to be taken online. There’s no escaping the fact that we will all have digital fingerprints moving forwards, and that really can help us to save time that was previously spent on going places to do things in person, we just need to exercise some caution in terms of how big, how personal and how public that fingerprint should be.

McAfee International Ltd is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security.

Source: InforsecurityPR