-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Tip ST05-013 Guidelines for Publishing Information Online Remember that the internet is a public resource. Avoid putting anything online that you don't want the public to see or that you may want to retract. Why is it important to remember that the internet is public? Because the internet is so accessible and contains a wealth of information, it has become a popular resource for communicating, for researching topics, and for finding information about people. It may seem less intimidating than actually interacting with other people because there is a sense of anonymity. However, you are not really anonymous when you are online, and it is just as easy for people to find information about you as it is for you to find information about them. Unfortunately, many people have become so familiar and comfortable with the internet that they may adopt practices that make them vulnerable. For example, although people are typically wary of sharing personal information with strangers they meet on the street, they may not hesitate to post that same information online. Once it is online, it can be accessed by a world of strangers, and you have no idea what they might do with that information. What guidelines can you follow when publishing information on the internet? * View the internet as a novel, not a diary - Make sure you are comfortable with anyone seeing the information you put online. Expect that people you have never met will find your page; even if you are keeping an online journal or blog, write it with the expectation that it is available for public consumption. Some sites may use passwords or other security restrictions to protect the information, but these methods are not usually used for most websites. If you want the information to be private or restricted to a small, select group of people, the internet is probably not the best forum. * Be careful what you advertise - In the past, it was difficult to find information about people other than their phone numbers or address. Now, an increasing amount of personal information is available online, especially because people are creating personal web pages with information about themselves. When deciding how much information to reveal, realize that you are broadcasting it to the world. Supplying your email address may increase the amount of spam you receive (see Reducing Spam for more information). Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information). * Realize that you can't take it back - Once you publish something online, it is available to other people and to search engines. You can change or remove information after something has been published, but it is possible that someone has already seen the original version. Even if you try to remove the page(s) from the internet, someone may have saved a copy of the page or used excerpts in another source. Some search engines "cache" copies of web pages; these cached copies may be available after a web page has been deleted or altered. Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer. Think about these implications before publishing informationâ??once something is out there, you can't guarantee that you can completely remove it. As a general practice, let your common sense guide your decisions about what to post online. Before you publish something on the internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about you, the easier it is to pretend to be you. Behave online the way you would behave in your daily life, especially when it involves taking precautions to protect yourself. _________________________________________________________________ Authors: Mindi McDowell, Matt Lytle, Jason Rafail _________________________________________________________________ Produced 2005 by US-CERT, a government organization. Note: This tip was previously published and is being re-distributed to increase awareness. Terms of use http://www.us-cert.gov/legal.html This document can also be found at http://www.us-cert.gov/cas/tips/ST05-013.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTGQSZz6pPKYJORa3AQIMLgf/fNv+pWmMHL8zyJ78/r7/s+EAU/BaPAvW Z4oiDZllINdjIsJeH3w/lL2BwPp7QIackyZKvOSUos9tO8QyuibRA8DkkTJ2ASEL V2ua+Cn8yKuZ47lFwxuWq70NIN9CBVOeipmMh4o/YkX5NbK2WttozJEfuyHHQKad hwReECAEy7+8MVNBD5SMPsBej8hFFizc8yhw+5hTJaUav7ffipMacnnrRLWlhn7i of8gijM0xvHnPruOjHUvtB9Gt+wtLQl6/ld+FOcB8fWldo07nRpmT4Arur04TpsA DqrIIQL+bQdl8/rE1FBdhjt57f4ersGp0owKU3x0eukA+FnwWBbenQ== =kHZV -----END PGP SIGNATURE-----