That said, it’s done now and a massive 77 million people have had their personal information exposed.  We still don’t know how much information this includes and what it could be used for.  One thing is for certain, people such as the ‘security expert’ who went on the BBC this week and said if you haven’t seen fraudulent transactions on your credit card yet you’re probably safe, are just idiots.  How quickly do these people think criminals can get through 77 million records?

I thought I’d write up some strategies here to help keep you and your personal information safe online.  Some of these you will be able to implement and some you won’t, but in conjunction they ought to make you safer.

Keep your email and online files password safest

This isn’t just to do with Spam, it’s something I wrote about here a few days ago.  Create yourself a super-strong password (see below for advice on how to do this) that you use only for your email, contacts and anywhere that you store documents online, such as SkyDrive or DropBox.  It’s essential to keep this information safe.  You are being trusted by others with valuable contact information attached to your email account for, sometimes, several hundred other people including their full addresses, mobile phone numbers, dates of birth and more.  This isn’t to mention any personal financial or other sensitive data you’re storing in your online files.

Use different passwords in different places

This isn’t always easy to do as people have trouble remembering passwords so tend to have just one or two.  There’s nothing to stop you writing down a list of passwords in a file on your phone (if you have a code lock on the handset) or at home if you have them in code.  For instance you could have the letter s appended to the beginning of the password.  To any glancing eye it just looks like an extra letter on the code.  You will know that is the password you use for shopping websites.  A g could signify gaming websites and so on.  While remembering passwords might be a pain when away from home and on new computers, your own computer equipment will usually remember the passwords for you.

Create a strong password

The strongest and most secure password follow the same rules…

• Make it at least 10 characters in length
• Use a mixture of Lower and Upper-case letters
• Use numbers (you can substitute some for letters too, 0/o, 1/i/l, 5/s and so on)
• Use symbols (which you can also substitute for letters, $/s, _/L, #/o for instance)
• Do not ever use the following (common words, names, date of birth, the word password)

One thing to note with this is that many websites still won’t allow you to use certain characters (usually *) in passwords.

Never use your banking passwords or PIN

Your banking password and card PIN number are for your banking ONLY.  Do not ever use them on any other service or website!

Minimise the information you share

This can be difficult.  On websites such as social networking it’s easier to do and you should never share…

• Address
• Phone numbers
• Date of Birth

But sometimes, especially in the case of a website you’ll have financial dealings with this is unavoidable as they need your date of birth and address for security.  Go back to my previous rule about different passwords for different websites for this situation then.

If a web service is hacked though any and all information that you share is vulnerable.  If you must give away this information to validate yourself on a website can you remove or change it afterwards?  Will the website’s service still work for you if you later log into your account and either remove the information completely or change it, perhaps by changing the phone number to 12345?

Be careful with usernames and email addresses

You can inadvertantly share useful information in your email address and usernames.  It’s common for someone to append their date or year of birth to these.  Always avoid doing so!

Use online banking

If you use online banking you can keep a much closer eye on transactions on your accounts.  Rather than have to wait up to 30 days for your statement to arrive, online banking will usually show you the most recent transactions whenever you log in.  This is an excellent way to see if someone is fraudulently using your credit or debit cards so that you can inform the bank promptly and have those cards cancelled, minimising the economic effect on you.  Remember it can take the banks a while to refund money to you.

Reduce the surface area for attack

Again this is something I wrote about at the beginning of the week.  Try not to sign up for every website and web service going.  Don’t spread yourself out on the web so far that you’ll never remember where you have accounts.  Keep and eye on your email and junk folder.  Occasionally these websites will send you an email and you can use this as a reminder to go back there and either remove or replace any personal and sensitive information, or preferably, just close the account completely.

Be vigilant

To be honest there’s absolutely nothing you can do to prevent a hacking attack such as the one that recently hit Sony.  It could happen to any company at any time, no matter how big or small they are.  The trick is to not have the information that can be exploited avillable to begin with but this is rarely easy in today’s Internet age.  The best advice I can give is simply to be vigilant and aware of what’s going on with your banking and your accounts.  With these simple rules you won’t be completely protected, but you can at least minimise the damage if something does go wrong.

Locate PC only works if the thief is stupid enough to boot your computer while being connected to an internet connection. I cannot really say how many thiefs would do that but it can happen and that’s probably reason enough to use Locate PC. A slim chance is better than no chance at all, don’t you think ?

Locate PC (via Cybernet News) will send emails periodically whenever the PC is connected to the Internet, by default one email is send per day and another one for every IP change. The application is running in the background with an obscured filename and no system tray icon making it harder to identify. I would say that you do not need to worry about that though, if the thief really boots the PC while it is connected to the Internet then you should not fear that he will discover the little tracking application.

One thing that actually might work pretty well is to create a bogus account that does not require a password. I mean, a thief that gets a password prompt will probably not be able to load the operating system which would make the whole configuration void.

The emails that are send contain several interesting information, not only the IP that it is being send from. It displays the computer’s host name and logged in user. This will be probably your information though. More interesting are the network connections that are listed. A dialup connection would reveal the phone number and the user name which can lead directly to the thief.

A traceroute command is issued as well and identifying information are pulled from Windows. The important information that can lead to the thief are the IP address, the network connections and the traceroute command. Everything else will be your information unless the thief decides to chance the name and address of the owner to his own.