What can you do?

  • Have antivirus and antispyware software installed on your computer. Several computer magazines have recommended running a stable antivirus program along with Spybot and Ad-Aware.

  • Keep all software up to date (e.g. Windows Update, Office Update, virus definitions).

  • Do not open questionable emails or click on pop-up ads.

  • Refrain from saving personal and financial information on your computer. It is handy, but risky.

  • Subscribe to one or two online security newsletters and check sites like Symantec.com or CERT/CC to keep up with the latest threats.

  • Never give personal information over email. Verify that a message is genuine before acting on it. Legitimate sites ask for login information when the user requests access or completes a transaction the user started; an unsolicited message asking you to "confirm" credentials is a warning sign. Social engineering remains a major source of identity theft.

  • When performing transactions online, verify that the connection is secure: the address should begin with https://, the browser should show its padlock, and the certificate should be issued to the site you intended to visit, not a lookalike.

  • Get a digital certificate.

  • Research
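The "verify message validity" and "verify that the connection is secure" points above can be turned into a mechanical check on the links a message contains. The following is an added example, not code from the original page: it extracts the links from a message body and accepts only those that use HTTPS on the standard port and point at the expected domain (or a subdomain of it), rejecting the usual phishing tricks (credentials before an "@" that hide the real host, lookalike domains, raw IP addresses, punycode labels). The domain `bank.example`, the sample message, and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed for the example: the domain the genuine site actually uses.
TRUSTED_DOMAIN = "bank.example"

# Constructed sample of a phishing-style message body (not a real email).
SAMPLE_EMAIL = """\
Dear customer, your account has been locked.
Confirm your details at https://bank.example@login-verify.example/confirm
or use our secure site http://bank.example/login
Official site: https://www.bank.example/account
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def find_links(text: str) -> list:
    """Return every http(s) link found in a block of text."""
    return URL_RE.findall(text)


def check_link(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> tuple:
    """Return (ok, reason). ok is True only when the link is HTTPS on port 443
    and its host is the trusted domain or one of its subdomains."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    if parts.scheme.lower() != "https":
        return False, f"not HTTPS (scheme is {parts.scheme or 'missing'!r})"

    # 'bank.example@evil.example' is a classic trick: the text before '@' looks like
    # the bank, but the browser connects to the host that follows it.
    if parts.username is not None or parts.password is not None:
        return False, "URL carries credentials before '@'; the real host is after it"

    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host"

    # A bank's login page is never served from a bare IP address.
    try:
        ipaddress.ip_address(host)
        return False, f"host is an IP address literal ({host})"
    except ValueError:
        pass

    # Non-ASCII or punycode (xn--) labels can render as lookalike characters.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"host uses internationalised characters ({host})"

    # 'bank.example.evil.example' ends with 'example', not with '.bank.example'.
    if host != trusted_domain and not host.endswith("." + trusted_domain):
        return False, f"host {host!r} is not {trusted_domain!r} or a subdomain of it"

    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 443):
        return False, f"unexpected port {port}; HTTPS for this site lives on 443"

    return True, "https link to the expected site"


def triage_email(text: str, trusted_domain: str = TRUSTED_DOMAIN) -> list:
    """Pair every link in a message with its verdict: [(url, ok, reason), ...]."""
    return [(url, *check_link(url, trusted_domain)) for url in find_links(text)]


if __name__ == "__main__":
    for url, ok, reason in triage_email(SAMPLE_EMAIL):
        print("OK  " if ok else "BAD ", url, "-", reason)
```

Such a check is a filter, not a guarantee: a link that passes still deserves the certificate inspection described above, because the check only reasons about the text of the URL, not about who answers at that address.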

Protecting Web Sites

  • Application design should always use HTTPS (TLS over TCP port 443), not plain HTTP
  • A server certificate issued by a trusted certificate authority is needed to support this
  • Always err on the side of caution
  • Encryption should be used for both internal and external communications
  • Highly available, front-line web sites should run from at least two facilities
  • Use redundant hardware and geographic diversity
  • All public-facing servers should be located behind a firewall in a DMZ, separated from internal systems
  • Expose only the systems that must be available to the public. The internal architecture should not be apparent to the public (hidden subnets)
  • Outsourcing to an Application Service Provider (ASP) is an option where feasible
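The first two items (HTTPS only, on port 443, backed by a certificate) are an application-design rule as much as a deployment one: the application itself should refuse to serve content over plain HTTP. The following is an added example, not code from the original page, showing how a web application can enforce that rule at its boundary as a WSGI middleware: any request that arrives over plain HTTP is answered with a permanent redirect to the same path on `https://` (which lands on port 443 once the port is dropped from the host), and every HTTPS response carries a `Strict-Transport-Security` header so browsers stop trying HTTP for that host at all. The wrapped application, the host name `www.bank.example`, and the request helper are constructed for illustration; the `trust_forwarded_proto` option is an assumption about a TLS-terminating proxy in front of the application.

```python
from urllib.parse import quote

HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def https_only(app, trust_forwarded_proto=False):
    """Wrap a WSGI app so that it is only ever served over HTTPS.

    trust_forwarded_proto: set True only when a proxy in front of the app terminates
    TLS and always sets X-Forwarded-Proto; otherwise a client could forge it."""

    def wrapped(environ, start_response):
        scheme = environ.get("wsgi.url_scheme", "http").lower()
        if trust_forwarded_proto and environ.get("HTTP_X_FORWARDED_PROTO"):
            scheme = environ["HTTP_X_FORWARDED_PROTO"].split(",")[0].strip().lower()

        if scheme != "https":
            host = (environ.get("HTTP_HOST") or environ["SERVER_NAME"]).split(":")[0]
            path = quote(environ.get("PATH_INFO") or "/")
            query = environ.get("QUERY_STRING", "")
            location = f"https://{host}{path}" + (f"?{query}" if query else "")
            # 301 is fine for GET/HEAD; 308 tells clients to keep method and body.
            method = environ.get("REQUEST_METHOD", "GET").upper()
            status = "301 Moved Permanently" if method in ("GET", "HEAD") else "308 Permanent Redirect"
            start_response(status, [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            # Replace any HSTS header the app set so the policy here always wins.
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(HSTS_HEADER)
            return start_response(status, headers, exc_info)

        return app(environ, hsts_start_response)

    return wrapped


def demo_app(environ, start_response):
    """Constructed stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secure content\n"]


secured_app = https_only(demo_app)


def call(app, scheme, path="/", query="", method="GET", host="www.bank.example", extra=None):
    """Run one constructed request through a WSGI app without a server.
    Returns (status, headers as dict, body bytes)."""
    environ = {
        "wsgi.url_scheme": scheme,
        "HTTP_HOST": host,
        "SERVER_NAME": host.split(":")[0],
        "PATH_INFO": path,
        "QUERY_STRING": query,
        "REQUEST_METHOD": method,
    }
    if extra:
        environ.update(extra)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    print(call(secured_app, "http", "/login", "next=%2Faccount"))
    print(call(secured_app, "https", "/login"))
```

The redirect only helps a first-time visitor; the HSTS header is what stops a browser from ever sending the session cookie over HTTP on later visits, which is why both halves belong together.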