What can you do?
- Have antivirus and antispyware software installed on your computer.
Several computer magazines have recommended running a stable antivirus
program along with Spybot and Ad-Aware.
- Keep all software up to date (e.g. Windows Update, Office
Update, virus definitions).
- Do not open questionable emails or pop-up ads.
- Refrain from saving personal and financial information on your
computer. It is handy, but it is risky.
- Subscribe to one or two online security newsletters and check
sites like Symantec.com or CERT/CC to keep up with the latest threats.
- Never give personal information over email. Verify message validity.
Sites usually ask for login information when a user requests access
or to complete a transaction started by the user. Social engineering
still remains a main source of identity theft.
- When performing transactions online, verify that the connection
- Get a digital certificate.
Protecting Web Sites
- Application Design – Should always use Secure HTTPS and TCP port
- A digital certificate is needed to support this
- Always err on the side of caution
- Encryption should be used for both internal and external communications
- Should have at least two facilities for highly available,
front-line web sites
- Should have duplicative hardware and geographic diversity
- All servers should be located behind a firewall in a DMZ
- Expose only systems that must be available to the public. The
architecture should not be apparent to the public (hidden subnets)
- Outsourcing applications: Application Service Providers (ASPs) are
available if feasible