-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-013
Guidelines for Publishing Information Online
Remember that the internet is a public resource. Avoid putting anything
online that you don't want the public to see or that you may want to
retract.
Why is it important to remember that the internet is public?
Because the internet is so accessible and contains a wealth of information,
it has become a popular resource for communicating, for researching topics,
and for finding information about people. It may seem less intimidating than
actually interacting with other people because there is a sense of
anonymity. However, you are not really anonymous when you are online, and it
is just as easy for people to find information about you as it is for you to
find information about them. Unfortunately, many people have become so
familiar and comfortable with the internet that they may adopt practices
that make them vulnerable. For example, although people are typically wary
of sharing personal information with strangers they meet on the street, they
may not hesitate to post that same information online. Once it is online, it
can be accessed by a world of strangers, and you have no idea what they
might do with that information.
What guidelines can you follow when publishing information on the internet?
* View the internet as a novel, not a diary - Make sure you are
comfortable with anyone seeing the information you put online. Expect
that people you have never met will find your page; even if you are
keeping an online journal or blog, write it with the expectation that it
is available for public consumption. Some sites may use passwords or
other security restrictions to protect the information, but these
methods are not usually used for most websites. If you want the
information to be private or restricted to a small, select group of
people, the internet is probably not the best forum.
* Be careful what you advertise - In the past, it was difficult to find
information about people other than their phone numbers or address. Now,
an increasing amount of personal information is available online,
especially because people are creating personal web pages with
information about themselves. When deciding how much information to
reveal, realize that you are broadcasting it to the world. Supplying
your email address may increase the amount of spam you receive (see
Reducing Spam for more information). Providing details about your
hobbies, your job, your family and friends, and your past may give
attackers enough information to perform a successful social engineering
attack (see Avoiding Social Engineering and Phishing Attacks for more
information).
* Realize that you can't take it back - Once you publish something online,
it is available to other people and to search engines. You can change or
remove information after something has been published, but it is
possible that someone has already seen the original version. Even if you
try to remove the page(s) from the internet, someone may have saved a
copy of the page or used excerpts in another source. Some search engines
"cache" copies of web pages; these cached copies may be available after
a web page has been deleted or altered. Some web browsers may also
maintain a cache of the web pages a user has visited, so the original
version may be stored in a temporary file on the user's computer. Think
about these implications before publishing informationâ??once something is
out there, you can't guarantee that you can completely remove it.
As a general practice, let your common sense guide your decisions about what
to post online. Before you publish something on the internet, determine what
value it provides and consider the implications of having the information
available to the public. Identity theft is an increasing problem, and the
more information an attacker can gather about you, the easier it is to
pretend to be you. Behave online the way you would behave in your daily
life, especially when it involves taking precautions to protect yourself.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle, Jason Rafail
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being
re-distributed to increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST05-013.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit
http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTGQSZz6pPKYJORa3AQIMLgf/fNv+pWmMHL8zyJ78/r7/s+EAU/BaPAvW
Z4oiDZllINdjIsJeH3w/lL2BwPp7QIackyZKvOSUos9tO8QyuibRA8DkkTJ2ASEL
V2ua+Cn8yKuZ47lFwxuWq70NIN9CBVOeipmMh4o/YkX5NbK2WttozJEfuyHHQKad
hwReECAEy7+8MVNBD5SMPsBej8hFFizc8yhw+5hTJaUav7ffipMacnnrRLWlhn7i
of8gijM0xvHnPruOjHUvtB9Gt+wtLQl6/ld+FOcB8fWldo07nRpmT4Arur04TpsA
DqrIIQL+bQdl8/rE1FBdhjt57f4ersGp0owKU3x0eukA+FnwWBbenQ==
=kHZV
-----END PGP SIGNATURE-----
