Approximately 8.6 million households had at least one member age 12 or older experience identity theft in 2010, according to the Bureau of Justice Statistics. This was an increase of roughly one-third over the previous report in 2005.
Despite warnings, consumers still share personal information on social networks that fraudsters can use to authenticate their targets’ identities, according to consumer security consultants. The risk is even greater at the workplace, where inadvertently downloaded malware can disable an entire enterprise system.
So what can retailers and shoppers do this holiday season to make sure they’re not unwittingly buying Christmas presents for a criminal? Jon Ramsey of Dell SecureWorks put together a list of key steps for sellers and buyers. I’ve excerpted several below. For the complete list of tips, read the full post on Direct to Dell.
Security Tips for Online Shoppers:
- Be aware that some email presented as holiday gift card or coupon offers can bear malicious links.
- Type the website address of the retailer into your browser. Following links provided by email offers or pop up ads often lead to fraudulent sites.
- Check that your web browser shows “https” (as opposed to just “http”) as that “s” lets you know that the website is providing a layer of security for transmitting your personal information over the Internet.
- Watch those links on social networking and micro blogging sites. With shortened URLs, it’s easier to disguise the destination of the malicious links.
- Be wary of any emails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Call your financial institution to verify, on a number not provided in the email.
Security Tips for Retailers:
- Keep your computer applications, operating systems and security software updated, making sure servers and workstations are fully patched promptly and regularly.
- Implement a robust Intrusion Prevention Solution (IPS) to defend against cyber threats.
- Use a dedicated computer for financial matters (banking, bill payments) and this computer should not be used for emailing or surfing the Web.
- Enact a policy where employees do not click on links or attachments within emails from untrusted sources.
- Enforce policies that forbid employees from downloading executable files via the Internet, using peer-to-peer networks, or visiting risky websites.
- Have a security expert implement, maintain and monitor a Web Application Firewall.
- Scan network and web applications regularly.
- Conduct regular code audits to ensure that Web applications and other software programs are written securely.
- Even if you don’t intentionally use any wireless technology, you need to be aware of the PCI guidelines and periodically verify that unauthorized access points and devices aren’t introduced into the cardholder data environment (CDE) in order to be in compliance and avoid threats from rogue devices.