You are here: Features Remar's Report Are You Protecting Your Personal Information from Newer Online Risks?

Are You Protecting Your Personal Information from Newer Online Risks?


couple-using-computer.jpgDecember 2010

Most consumers try to protect financial and personal information when online, but are you aware of newer, emerging risks and what you can do about them? Do you manage the cookies on your computer? Do you look for security indicators before using websites? Do you know about other steps you should be taking? In this month's report, I look at these and other ways to protect your financial and personal information online against both older and more recent risks.

Why should I care if a website is secure?

If you are accessing your financial accounts, looking at your medical records, or providing any personal information or any other private information, you'll want to protect that information. If a website is secure then that information is protected. Any messages sent between your computer and the secure website are encrypted. That means any other computers can't read the message contents.

How can I tell if a website is secure?

For many secure websites (or secure pages on a website), the address (or URL) begins with "https" instead of "http." The browser may also indicate the current page is secure by one or both of these indications: a closed padlock and a background color in the address bar.

What are cookies?

Cookies are text files that a website saves in memory or stores on your computer. Cookies can contain a variety of text information. Session cookies are stored in memory and are deleted when you close your browser. Persistent cookies are saved on your computer. Examples of persistent cookies include: saving your login information, saving personalization settings for a site, tracking what ads you've seen, and much more.

Some cookies are absolutely required for security purposes. Financial institutions such as your credit union use cookies to enable and protect your online banking services. Cookies are also necessary to implement online shopping carts. Your job is to set your Internet browser(s) to give the protection level desired.

Can I turn off cookies?

Yes, you can setup your browser to not accept cookies. But if you refuse all cookies, you can't access your financial information or make purchases online. Most browsers give you some control over cookies, such as allowing session cookies, blocking third-party cookies (i.e. those not from the current website), or prompting you to decide for each cookie. For Internet Explorer, look for Internet Options (under the Tools menu), click on the Privacy tab, and choose the Advanced settings button. For Firefox, look for Options (under the Tools menu) and choose Privacy. For other browsers, the settings are usually located under Privacy Options.

What are "Flash Cookies"?

"Flash Cookies" are actually local shared objects (LSO) that are created and stored on your computer by websites. These data files are similar to browser cookies but can contain more than text data. The concern with "Flash Cookies" is website users don't know they are being used and they can't be controlled through the browser. "Flash Cookies" are sometimes used to store a copy of the information in a browser cookie so that when a browser cookie is deleted, it is recreated from the "Flash Cookie." Not controlling Flash cookies potentially exposes your information to fraudulent use.

How can I manage "Flash Cookies"?

You can manage the settings for the Adobe Flash Player, but they aren't available through the player itself. You can control which sites can store data including whether third-party sites can store data. The only control is on the Adobe site, even though the settings are stored on your computer. The Flash Player Settings Manager is the only control and is located on the Adobe site. The settings are actually stored on your computer. The Settings Manager has a page for each settings panel that explains each of the settings and what the choices mean. It should only take a few minutes to work through the panels.

What are web bugs?

Web bugs are typically small (1 pixel x 1 pixel) images that are embedded in web pages or email messages. Web bugs are also called "web beacons," "clear GIFs", "invisible GIFs" or "1-by-1 GIFs." Larger images on a web page can also be used as a web bug. While the image itself isn't a problem, the information it provides to its host server can be. When your browser asks a web server for the web bug image, it provides the web server with your IP address, the time that the image was downloaded, the browser used (Internet Explorer, Firefox, Chrome, Safari, etc), and other information including cookie information if a previous web bug set a cookie. Web bugs can be used to track what ads you've seen, what web sites you've visited, if you've read an email, if an email was forwarded, and more. Browsers don't provide controls for web bugs but some browser plug-ins can. See the tools section below on how to find plug-ins.

What about cloud computing?

When you upload or input information and store that information on a web server, such as using online document services, online picture sites, social networking sites, online video sites, and online backup services, you are using cloud computing. While many of these services take the privacy and security of your information seriously, some don't. Protect yourself by reading privacy and security policies and terms of use agreements to see who has access to your data and what it will be used for. Be cautious when deciding to put your financial, personal, and sensitive information in the cloud.

What about mobile security?

Many of us are using mobile apps to access our financial and other personal information. While the apps provided by financial institutions are generally secure, some other apps may not be. Before installing an app on your mobile device, check the app out thoroughly including the terms of service. When installing an app, consider all the terms and the program carefully before giving the app access to information like your address book, location, or other sensitive data. Also, you should never store your social security number, personal identification numbers (PINs), credit card numbers, and similar data on your mobile device.

Are there any tools that can help?

Protecting yourself online is not simple. There isn't any one tool currently available that manages all of these mechanisms. There are various browser plug-ins that can manage some of these mechanisms. Search for plug-ins using your favorite search engine or use the directories provided by Firefox and Chrome. Before installing a plug-in, read the detailed description (not just the summary) and privacy policy. You should determine if you will use the plug-in by reviewing the instructions and looking at any screen shots. Reading recent comments may also help you determine if you will use it.

Taking the time to learn about how and why these and other mechanisms are used will help you protect your personal information. You should be the one to decide who can see and use your personal information not someone else.

For more information

Online Privacy: Using the Internet Safely from the Privacy Rights Clearinghouse

Online Behavioral Tracking and New Cookie Technologies from the Electronic Frontier Foundation

Five Myths about Online Behavioral Advertising (PDF) from the Consumer Federation of America

Adobe Flash Player Security and Privacy

Reviewed and updated August 2014.

blog comments powered by Disqus