Second, practicing good cyber security is no longer purely a personal matter. It is a matter of national security. We now live in a highly connected world, and while that interconnectivity brings us a growing host of new services, it means that we are increasingly vulnerable. If your computer system is not secure, it can be used by others to launch a cyber attack against other consumers and businesses. The more secure each of us is individually, the less likely such an attack will be widely successful. Doing your part is no longer just self-defense; it helps protect the general welfare of us all.

In The Virtual World.
Many of the problems and pitfalls we've already described in our section, Identity Theft: In the Real World. If you haven't already reviewed that information, we suggest you do so before proceeding further, since most of the same issues apply.

There are, however, some very important, critical differences. We'll highlight those for you here.

The new, highly interactive Internet and telecommunications technology afford us a whole new world of services - almost literally putting the world at our fingertips. We now enjoy online banking, easy electronic bill paying, wireless connections to the Internet, the ability to take pictures, retrieve email and surf the web with our cell phones. Let's not forget our personal digital assistants (PDAs), those wonderful little devices that remember all our contact information, maintain our calendars and store all sorts of other easy-to-forget details of our daily lives. What's more, these separate technologies are all converging.

We appreciate all the new services the various devices provide, and more than a few of us make use of these on a fairly regular basis. Unfortunately, most of us are only dimly aware of exactly how these technologies actually work. And that lack of substantive knowledge makes us much more vulnerable to high-tech thieves.

What follows, then, is a primer on how to protect yourself in the virtual world.

• What Does the Virtual Thief Want?
• Where Does the Virtual Thief Find These?
• How You Can Defend Yourself?

What Does the Virtual Thief Want?
Exactly what the real world thief wants. To capture your information, create a new identity based on that information, and then use that identity - your identity - to his or her own purposes, leaving you holding the bag.

Where Does the Virtual Thief Find These?
Here's where the real-world and virtual thief begin to part company. Unless the proper safeguards are in place, the new technologies can create major gaps in your personal information security. If you have a personal computer, think of the information you've probably stored there - things like bank account information, electronic tax returns, perhaps the family genealogy, your PDA data, insurance information, spreadsheets and word processing documents containing all sorts of information. The list could go on and on.

How You Can Defend Yourself?
BBBOnLine has partnered with GetNetWise, an Internet resource developed by the Internet Education Foundation, and StaySafeOnline, developed by the National Cyber Security Alliance. Where available, we'll provide you with links to the GetNetWise or StaySafeOnline content.

• Your Login/Password/PIN In the virtual world, basic self-defense begins right here. So here are some important tips:
  • Use unique passwords whenever you can.
  • Use passwords wherever you can -- on all your devices and in any programs that contain personal information. It's not only your PC that contains sensitive information. What if your laptop was stolen, or your PDA or your cell phone. Nearly all these electronic devices allow you to set password protection. Passwords won't necessarily thwart a knowledgeable and determined thief, but most thieves don't fit that description.
  • Change passwords regularly. This is a tough one. If you spend a lot of time online, you may have passwords not only on your devices, but with your ISP and on many of the web sites that you visit. It is hard to remember to change passwords, and harder still to remember which sites have which passwords. It may actually be better to use fewer passwords and change them more regularly than to have many and fail to change any of them. Twice each year, we set our clocks -once forward and once back. This may be a good time to remember to not only set your clock, and check your smoke detector batteries, but to change your passwords and update your computer protections.
  • Don't Set Your System to "Remember My Password". This may seem like a helpful feature. When you first create or enter a password, your software may offer you a "pop-up box" with a friendly query about whether you'd like the system to remember this password. If you click the appropriate box, your password will automatically appear whenever you attempt to log into the program. However, if someone else knows - or can guess - your login, the password helpfully allows that person entry into your system. Wherever possible, disable these memorized features.
  • Remember Passwords; Don't Write Them Down. Passwords are hard to remember, and there is a terrible temptation to write them down. But written passwords are no good if they are nowhere near you when you're using your PC or laptop or cell phone or other device. So people tape them to the underside of keyboards or under the mouse pad or carry them in a laptop case, or put them in a wallet or purse. Thieves know this, and these are the first places they look.

• Purchase Anti-Virus Software. Next to password protection, nothing is more important that having good anti-virus software and having that software absolutely up-to-date. Naturally, it helps to protect your system from being damaged or ruined due to a virus, worm or Trojan horse. More important to the issue of identity theft, however, is the fact that some worms don't make their presence known. Instead, they may open a backdoor into your system, through which a thief can gain access or otherwise transmit information that will compromise your security. Here's more information for you from GetNetWise.

• Keep Your Operating System Software Updated. Often outside public view, a battle is raging. It's an ongoing war between those who want access to your system for some less-than-noble purpose and those who are trying to protect your system. And at any given moment in time, the good guys don't necessarily have the upper hand. But just as soon as a new vulnerability is discovered, your system vendor makes a "patch" available to fix it. Unfortunately, those patches don't do any good if you don't install them as soon as they are made available. Both Microsoft and Apple make available an "automatic update" feature for their security upgrades. Click here for GetNetWise's video tutorial on how to check and update your system preferences.

• Install a Firewall? In the real world, a firewall is a fireproof barrier that separates something that might burn from something you want to keep safe - for example, a barrier between your car's engine and the passenger compartment. That's how the term got applied to the Internet. It's can be a nasty world out there in cyberspace, and a firewall is a hardware or software "barrier" that helps separate your computer from those who would do you harm. Click here for GetNetWise's video tutorial on how to install built in firewall protection in Windows XP or Mac's OS X. Not running XP or OS X? There are a number of other firewall packages available that will protect older operating systems.

• Take Precautions With Wireless Networks (Wi-Fi). A growing number of computer users are either setting up home wireless networks or making use of wireless networks in airports, coffee houses, bookstores and other locations. But wireless use requires special precautions. Click here for more information from GetNetWise on how to protect your network and your wireless transmissions.

• A Word About File Sharing. Peer-to-peer or file-sharing programs allow you to share your files with others on the Internet -- and vice versa. However, nothing comes without pitfalls; if you can get files from others, they may be able to get files from you - maybe files you didn't intend they have. Click here for more information from GetNetWise on file sharing. If you prefer your information in video form, you can view GetNetWise's Anne Collier -- click here for either a broadband or 56K dial up version.

• And Now, A Word About You. If you have taken all the steps we're outlined here, you can be fairly certain that you've made it much harder for someone to use your technology to steal your identity. But, as in the real world, you can be the weakest link in your own cyber security program. All the protections in the world won't do any good if you give your identity away. Here are some things you need to consider:

  • Beware of "Phishing". "Phishing" is a term coined by computer hackers, who use email to fish the Internet hoping to hook you into giving them your logins, passwords and/or credit card information. In all these scams, the phisher first impersonates a legitimate company such as your own internet service provider, or your auction site or a financial institution. In the typical scan, you'll get an email that appears to be from a reputable company. You'll be asked to go to a special site to update your account information. Here's an example of what one of these emails might look like.

    If you get one of these messages, don't panic - and don't respond. Remember our advice: Don't give your personal information to anyone you don't know. If you are concerned that the message might be genuine, call your ISP (or bank or other organization being spoofed) at a telephone number you obtain from your billing statement or through an email address the legitimate company provides.

    In July 2003, the Federal Trade Commission announced the settlement of an action it had brought against a minor who ran a fairly sophisticated scam involving AOL subscribers. You can read about that action by clicking here.

  • Be Wary When Using Public Internet Kiosks or Other People's Computers. When you are surfing the internet, you are leaving a trail in the computer you are using. This is called "caching", and it helps speed up your Internet experience. But when many people are using the same computer terminal (whether it is at a public kiosk or in a friend's home), it may mean that others can see the sites you have visited. And if you haven't "logged off" a password-protected account, your personal information may be accessible to others. Worse yet, software is now available that can capture every key stroke you make - in a way that is invisible to you. In one recent case, successfully prosecuted by the Department of Justice, a man successfully installed such "keylogging" software in 14 Kinko stores in the New York City area, without Kinko's knowledge or permission. Using the software, he was able to capture customers' usernames and passwords. You can learn more about that case by clicking here.

    Here's some simple advice. Unless you simply have no other choice - or unless you trust the owner of the other computer completely - don't use someone else's computer to access any of your accounts that require logins or passwords.

  • Don't Give Personal Information Over the Internet Unless the Site is Secure. The Internet is the worlds largest public meeting place - at any moment, millions of people are communicating. Most of that communication is public. You wouldn't broadcast your personal information in a public square, and you shouldn't do it on the Internet. When it comes to giving personal information, you should only do so on a secure server. On a secure server, your information is encrypted as it is being transmitted; that way, others can't read it if they should intercept it. Here are some tips to let you know you are on a secure server:
    
    Look at the URL of the page you are on when you are asked to give the personal information. An unsecured URL will look like this: http://www.site.com. A secure server will have an "s" either in front of or following the "http", and it will look like this: https:/ www.site.com or shttp://www.site.com.
    A secure site will also have a yellow graphic "locked padlock" on the bottom of your browser page.

    An insecure site will have an "unlocked padlock".

• Want to Learn More? Here are some additional resources and tutorials to help you learn about cyber security:

  From StaySafeOnline and The National Cyber Security Alliance: The National Cyber Security Alliance is a cooperative effort between industry and government organizations to foster awareness of cyber security through educational outreach and public awareness.

  • Take this excellent, interactive introductory course on managing your computer security fundamentals, courtesy of the National Cyber Security Alliance.
  • Here's a Beginners Guide to Computer Security, also from the National Cyber Security Alliance.
  • If you've got a home network, this tutorial will help you understand - and deal with - the security issues you face.

  From GetNetWise: GetNetWise provides information about View a short video from Larry Magid from SafeKids.com on tools and techniques to better control how much personal information you share with online stores, Web sites, emailers, chatters and other people who may use your computer.

  • The Risks of Cyber-Space
    • For broadband connection
    • For 56K dial-up modem connection

  • Larry Magid's video discusses the importance of Cyber security
    • For broadband connection
    • For 56K dial-up modem conection

  • An introduction to security in online shopping from GetNetWise's Anne Collier
    • For broadband connection
    • For 56K dial-up modem connection

  • Anne Collier and Larry Magid discuss the special issues affecting children and internet privacy
    • For broadband connection
    • For 56K dial-up modem connection

  • Here's a complete set of step-by-step video tutorials that will help walk you through changing the security, privacy and anti-spam settings on your computer and your web browser(s).