Protecting Your Private Information Online

Protecting your information online is tricky, and worst of all, is not only dependent on you. But there are a few things you can do to prevent running afoul of this phenomenon.

Firstly lets talk about why you need to protect your information online. Apart from the obvious discomfort at information you consider private being learned by others there are a number of ways that this information is used by criminals that will eventually cause you some distress. The first of these is credit card fraud. If unscrupulous people learn your credit card details (and we will talk about how this, and other identity theft can happen below) then they will use it to try and buy goods and services, which the credit card company will try and bill you for. Depending on the card agreement, the merchant usually takes the risk and so eventually you will probably not have to pay these fraudulent charges. But you may spend a long time on the telephone getting the matter sorted, and it may take months to resolve. During that time you may not be able to use your credit card either.

Another way the crooks might try and use this information is for "Identity Fraud", where they pretend to be you in order to enter into some sorts of agreements/contracts, typically to obtain credit of some sort or another, usually for a highly mobile asset which they can quickly sell. So it is unlikely they would buy a house using your identity - the goods would be too easy to recover when the fraud came to light, but they might try and get a 50,000 overdraft in your name, secured against your house. Usually the amounts of money involved are substantially higher, and the creditors (bank or whoever) are far more tenacious at chasing up the bad debts. In the end chances are you wont be held to account for the fraudulent transactions, but it isn't unusual for people to have to spend a substantial amount on solicitors to prove they aren't the guilty party.

And of course there are the minor irritations such as increases in addressed junk mail that turns up in your letter box.

So, how do you protect yourself? Apart from making sure your computer is reasonably secure (and there are other articles here on the blog about this) the other thing to do is to make sure you don't inadvertently give your private information to the bad guys...

Be Careful Who You Are Giving Your Information To

A snazzy looking website is not that hard or expensive to set up. Running a secure website, that protects people's information is very difficult, and is something that a lot of organisations get wrong. So it isn't that the people asking for your information are dodgy - most of them are honest enough. The problem is they normally don't have the time or the resources to protect your information properly.

The Padlock Doesn't Mean What You Think It Does

You may have been told to look for the padlock on browser windows as a way of checking the security of a web site. While the padlock is better than nothing it perhaps doesn't mean exactly what you think it does. The padlock means that data can't be stolen while it is travelling between you and the website, but it is no guarantee the information can't be stolen from the website once it gets there, or that the website itself can be trusted. That's why sometimes it is better not be to be completely honest with websites and to...

Make Up Another Identity

Make up another identity for yourself, and use it when a website requires registration. Now there are times you mustn't do this - like for an Australian Government website, an airline booking, the electric or phone company, but if this is just an online forum, or a newspaper that requires registration before it will let you read the paper then make up an identity apart from your own and use that.

You might even like to have a "standard" made up identity that you use, with a birthday you can easily recall etc.

Some of you may say that marketers need some of this information to understand who they are selling to better. Perhaps, but they only need to understand general demographics, not your exact details. If you are worried about this make the alternate identity similar to your own (born the same year, same gender etc).

Others may question the ethics of not being completely honest with websites. It's a reasonable point but consider this - if some people you didn't know came up to you in the street and asked you where you lived, and what times you were home you would probably, quite rightly, refuse to tell them.

Give as Little Information as Necessary

Most of the time when you register for an account on the website you will see that some of the fields are marked with an asterix "*" while others are not. You don't need to complete those without an asterix - you can just leave them blank.

Have a Gmail or other Temporary Email Account for Registrations

A lot of websites insist on getting your email address as part of the registration process. Don't give your real email address to these websites.

Instead, set up an email address with google mail, or some similar free email provider. In this way you will keep your real email account free of spam, and after a couple of years you can simply move onto another temporary email account if necessary.

Don't Let Websites Store Your Credit Card Details

Some websites, if you are buying things using a credit card, give you the option of storing your credit card details for your next purchase. Unless you are back there every day it is best to not store your credit card, and to simply enter it every time you need to buy goods using that site.

If a hacker breaks into that website, and steals their database, then if you have saved your credit card number they now have all the details they need to start buying goods and services using your card.

Privacy Statements are No Guarantee of Security

If you are dealing with an Australian business or organisation then they are obligated by law to comply with their privacy statement. However, if they say in their privacy statement "we will sell your information to the highest bidder" then they can sell your information to the highest bidder, and dodge the Privacy Act because they "informed" you what they were going to do. So unless you've read the privacy statement you really can't rely on it. And even if the company has the highest standards in its privacy statement, there is no guarantee their information will not be stolen.

As for overseas companies well - they might comply with their privacy statements. There might be legislation in that country that requires them to comply. But it might only require them to comply for citizens of that country, or any other of a dozen ways that they might be able to dodge their responsibility to you.

Now - it isn't our intention to unfairly characterise all businesses and organisations in this way. Many (the majority in fact) will try and look after your information. But not all of them. Even those that do try to handle it ethically are usually not well resourced enough to make sure the information is really secure. So take some of the steps recommended here to protect yourself.

In the end avoiding identity fraud is a bit like road safety - you can just be unlucky, but if you only give your real information to people who need to know it you can go a long way towards preventing this from happening to you.

Other Resources

• Stay Smart Online - Australian Commonwealth Governent - there is some useful stuff here including the Budd:e learning package for primary and secondary students.
• Get Net Wise - Site with plenty of practical help on how to keep your private information private.
• Protecting Your Information On FaceBook - If you use social networking sites you need to check (and possibly restrict) who can see the information on your facebook (and other pages).

Thin Clients

From time to time you may have heard IT people talking about “thin clients” and wondered what they were talking about.

Firstly - no – chances are they aren’t doing a sideline in diet pills. Secondly, explaining the difference between a thin client and a thick client may be a little tricky. Rather than trying to explain the technical difference we thought we might try and explain the impact of each approach on an organisation.

To try and see the difference between a thin client and thick client imagine you needed to get a group of people from one place to another. If it was only a handful of people they might all have company motor cars, or they might share a company motor car. This works for small groups, but as the numbers start to get larger it becomes less and less practical (there isn’t enough parking at the destination, everyone needs to submit their fuel claims, a couple of people’s cars don’t work properly and need to be repaired before they can go, and some people also get lost on the way).

This is somewhat analogous to a “thick client” solution. Everyone has the utility and flexibility to go wherever they need to with only minor constraints (you need to travel on a road, follow the company vehicle use policy etc). The downside for the organisation is it needs to pay to maintain a whole fleet of cars, and substantial effort is spent keeping vehicles running properly.

Now consider an alternate approach. If everyone is going to approximately the same place every day (ie using the same applications) then maybe the organisation is better of with a bus. To move a large group of people there is less administration, parking problems, vehicle maintenance etc, and only the driver needs to know where the bus is going (so you only need to buy 1 GPS instead of 50).

The bus is more like a “thin client” or terminal solution. The people onboard have less freedom and flexibility, but provided they were all going that way anyway this may not be a big deal. Like the bus, a terminal solution requires certain equipment (a terminal server), which can be a substantial capital outlay relative to a few motor cars, but at some point, provided all staff are served well enough by the bus, it will be cheaper to run than the fleet of cars. The graph below illustrates this concept in terms of cost.

As you can see the terminal based approach has a higher set up cost but as the number of stations increases it is more cost effective. Now don’t worry about the exact numbers in this diagram – there are a whole lot of factors that influence this, but understanding this basic relationship is an important part of understanding the value of a terminal based approach.

The value proposition is as follows: If your requirements suit it, then the terminal server solution can deliver productive, reliable computing at a lower cost per station than using thick clients for all staff.

However, going back to our “bus” model can also help us see situations which terminal servers are not well suited to:

• Everyone is going to a different place – If everyone needs to run completely different applications then the terminal server may not be the right approach
• Everyone needs to attach different equipment – the bus can only have so many trailers attached to it. If everyone needs to use a PDA, or special data logger, or other peripheral then the bus may not be the right approach.
• Some Requirement’s Don’t Socialise Well – Just like the bus there is limited space and capacity on the terminal server before applications can start to seriously interfere with others ability to use the service. These “anti-social” requirements are probably better suited to stand alone thick clients.

You can also mix and match terminal and thick client deployments. For example, if 80% of you staff have “basic” needs you can have them use a thin client. The users with additional requirements can use a thick client for all the special tools they need, and use a software thin client to access the normal “corporate desktop” – they use the bus for the same things as everyone else, and only use their thick client for special jobs.

As you may have already surmised an important part of operating a successful terminal server installation is discipline. The organisation needs to be disciplined enough to protect the reliability of the terminal server by not letting unnecessary software be installed, and having the time and patience to set up user access so that staff can’t accidentally damage the server. This is one of the reasons that organisations with a mature outlook at Information Technology are the ones most likely to gain benefit from an investment in a terminal type approach.

While we have spoken quite a bit about restrictions it is important not to oversell these for a terminal solution. Staff that only need to use word, excel, email and a web based database or two can operate quite successfully on terminal solutions and never even know that they don’t have their own computer.

There are however, odd things that can catch you by surprise. A typical example is displaying video. As you probably know video is a rapid sequence of still pictures that our eyes interpret as motion. Due to the nature of the technology terminal solutions usually can’t send this stream of pictures fast enough to make a cohesive video – to fool our eyes into thinking it is watching real motion. Now that probably seems all right, until you realise that you were planning on rolling out video based training to your staff. New techniques may (and are) change this in the future, but it is an example of where the normal utility of a PC is not necessarily available for a thin client.

Another interesting issue that emerges with thin clients is printing. One advantage of thin clients is that they often work very well over skinny network connections. However, while the staff member’s experience when working on a document is good, due to the vagaries of drivers, printing can be a completely different issue. That innocent ten page document can blow out into hundreds of megabytes of information which takes minutes and minutes to download and print.

So before you make a decision to go to thin clients you should have a really clear idea of what your staff are going to be doing with their computer access. If you can’t be sure on their requirements, but you still think thin clients is the way to go you need to be mindful of the risks that such an approach entails. You may find a need down the track that thin clients can’t meet, and you will end up with some thick clients. However, if you have a clear understanding of what you will be using thin clients for, the opportunity to save some money can be substantial.

Green Light IT Hosting Business After Business

Green Light IT, along with the Ainslie Football Club, will be hosting the ACT Chamber of Commerce's Business after Business for July.

Date: 30 July 2009

Time: 6pm

Venue: Ainslie Football Club

If you are a member of the Chamber you will be familiar with these functions. If you are a Green Light IT SME Customer, and have never been to one of these functions it might be the perfect time to take a look.

For more details including how to RSVP please review the Chamber's announcement.

Home Services

Green Light IT is pleased to announce the launch of its Home Services. From the 6th of July we can help you with all your Home IT problems. We are open from 8am until 9pm Monday to Friday, and we have a number of services to make the inconvience of getting your computer sorted out as convenient as possible, including:

• Free telephone consultation to determine the best course of action for your computer.
• Free pick up and return to your door by our delivery driver if your system needs to come to the workshop (conveniently between 6pm and 9pm weeknights).
• The ability to fix minor problems over the telephone using our remote support tools.
• An in-home service if required to fix a problem.
• The confidence of knowing that you will be consulted before any additional charges are incurred.

Think we can help - call Green Light IT on 1300 GO GLIT (1300 46 4548).

Welcome

We know, we know - blogs are so 2006. Nevertheless, with the success of our newsletters, and the fact that we often found ourselves wanting to say more, but feeling pressed for space it has become obvious that we need a place to keep you up to date with what is happening at Green Light IT that is a little more immediate than the newsletter.

It will also give us an opportunity to treat some issues in a little more detail, as well as convenient stuff like being able to easily hyperlink other information etc.

The categories list at the side might give some hints at the sorts of things we will be using this space for, so welcome, and please don't hesitate to drop us a line if you would like to give us some feedback, or even see some particular issues considered and written up on the blog.

The Team at Green Light IT.