One important thing I try to do in this blog is to remind consumers of good data security habits. A recent "Connected But Carelesss" study of 1,000 Internet users in the United States, sponsored by Symantec Norton and conducted by Javelin Research, found that many consumers are lax about the security of their information while online:
"... consumers are still somewhat cavalier and under-informed when it comes to Internet security, specifically in three areas: location-based services, mobile phone transactions, and online passwords."
Just under half (47%) of the consumer survey participants respondents said they expected their online purchases to increase between the Thanksgiving and New Year's holidays. About a third (31%) between the ages of 18-34 said they expected their social networking activity to increase during the same period.
Location-based status messages, or telling people real-time where you are via your mobile device, is a leading risky behavior when consumers share too much:
"... 15% of people surveyed knew enough about geo-location to be able to explain it... 22% who use their mobile or smartphones to connect to the Internet, admitted to giving applications on those devices permission to identify their location... 56% under the age of 35 said they update their social networking status with their location, which can inadvertently broadcast to real-world criminals that they’re not at home."
A second risky behavior is that consumers take for granted that their mobile devices are secure. While 38% of survey respondents use a mobile device or smartphone to check bank accounts and 51% post updates on social networking sites:
"... one in four people accessing the Internet this way aren’t sure, or haven’t even thought about, what’s safe mobile practice, while another 42 percent have only a “general idea” of what constitutes safe practices. In addition, 52 percent of those people accessing the Internet via their mobile devices don’t use the basic level of protection of having an access password in place..."
I have repeatedly discussed in this blog the need for strong passwords. More results from the Norton study:
- 46% said they never change their password on their e-mail account
- 31% said they never change their password on banking and financial accounts
- 42% said they never change their password on social networking sites
- 71% of survey respondents who have one password across different accounts/sites say they do so because it is easier
Identity thieves and spammers are probably happy to read these survey results. Experts advise consumers to do the following to protect your identity and financial information:
- Password-protect your mobile device or smart phone: add a password so nobody else can access the information in your mobile device
- Consider a "remote-wipe" feature for your mobile device. Norton offers a Mobile Security application for Android users to remotely lock or wipe data when their phone is lost or stolen.
- Think before using your personal mobile device for business. Check for your employer's mobile device policy, as some employers use remote-wipe features which will delete everything in your smart phone
- Think before logging in: assume that public WiFi connections are risky with communications monitored, whether you use a laptop, smart phone, or other mobile device. Avoid becoming a sidejacking victim. Never enter sensitive bank account information, debit card or social security numbers when browsing the Web via a public Wi-Fi connection
- Use one credit card specifically for online purchases. It makes it easier to spot any fraudulent items, and limits your liability if your card number is stolen. Don't use a debit card
- Update the anti-virus software on your laptop or desktop computer
- Change your passwords at least once every 90 days. Use strong passwords
- Don't use the same sign-in credentials and password for all of your online accounts and email accounts. Use different passwords. The recent Gawker breach highlighted this risk.