This is an archived article that was published on sltrib.com in 2015, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.
As millions of Americans shop the Web this holiday season, a top U.S. advocate for online security is urging special caution.
All that digital gift-giving— from bargain hunting and credit card transactions to package tracking and delivery— offers a bounty of opportunities for criminals posing as legitimate companies via email to trick users into handing over valuable data, warned Michael Kaiser, executive director of the National Cyber Security Alliance.
Heightened online retail activity this time of year dramatically boosts the risk of these so-called phishing attacks, which remain the primary way hackers dupe average Internet users into giving up personal information.
"We're very concerned," Kaiser said. "We want people to take a deep breath and say, 'I'm not going to click. I'm going to go back to the original site and go in and make sure this isn't fake.' "
Financed jointly by private industry and the U.S. Department of Homeland Security, the Washington, D.C.-based National Cyber Security Alliance (NCSA) offers wide-ranging advice to safeguard online transactions — with major implications for Utah families, startup companies and rapid advances in home-appliance technology.
"We really see the connection between privacy and security as being extremely important," Kaiser said during a visit last week to Salt Lake City. "You really can't have one without the other."
Rather than pushing drastic changes in individual Internet behavior or use of protective widgets such as encryption or online identity shields, the group's message centers on more critical thinking by users— part of its national "Stop. Think. Connect." awareness effort.
"It's becoming the 'look both ways before crossing' message for Internet security," Kaiser said of the campaign, launched in 2010. Mindful caution on the Web, he said, "has a lot to do with privacy and security online. You have to make judgments in the moment all the time."
The group is also a major sponsor of Data Privacy Day, scheduled for Jan. 28 to highlight respect for digital privacy, safeguarding data and fostering trust on the Web.
Given society's increasing reliance on computing technologies, cyberthreats from malicious nation-states, online criminals and politically motivated "hacktivists" are steadily rising.
"There is more and more data being collected," Kaiser noted, "and so, incrementally, that just increases the risk over time."
Public attitudes also are shifting, he said, in light of a series of highly publicized data breaches against major retailers and cyberthefts of personal records about millions of U.S. residents from the federal Office of Personnel Management.
Stolen medical information, in particular, has created new levels of uncertainty and distrust.
"Those kinds of breaches are much more scary for people," Kaiser said. "That information can't be changed or gotten back, so how do you deal with that?
"Some of that information never made it to the black market," he added. "So where is it? How is it being used? And what do I do the next time I go to the doctor and they ask for all this personal information about me? Do I tell them the truth?
"People should be asking those questions everywhere they go," Kaiser said. "Is my personal information being protected?"
Widening worries about data loss also have highlighted the need for fledgling technology companies — including those in Utah's startup sectors— to embed security measures and privacy protections in their products early on, rather than as an afterthought.
The NCSA is calling on venture investors to take an active role in pressing for security.
"It will not only secure their investments," Kaiser said, "but also make that investment more valuable down the line."
Immense data losses are damaging by themselves, but they may also pose a future menace as criminals combine pieces of stolen personal information from disparate sources.
"What can you start to understand about people?" Kaiser asked. "We just don't understand the interaction between all this data and those risks right now."
Yet even as online vulnerabilities rise, surprisingly few U.S. families appear to be taking basic precautions.
A survey by NCSA and the IT security firm ESET, released in October, found that 60 percent of American parents let their kids share passwords with friends. Seventy percent don't limit the personal information their children post on social networks. Only 25 percent to 30 percent of parents restrict what youngsters are allowed to download or their use of digital devices at the dinner table or after bedtime.
"We were shocked," Kaiser said. "Our eyes were very widely opened to the fact that families have very few rules."
The NCSA also sees major risks on the horizon from the proliferation of Web-connected sensors and appliances. These home-based systems regulate everything from front doors, refrigerators, baby monitors, smoke detectors and thermostats to self-driving cars, in what some call the "Internet of Things," or IOT for short.
"Each one of those devices is potentially hackable," Kaiser said. "We're really concerned about IOT on privacy and security. The technology could be incredibly powerful, but, on the other hand, it could also be incredibly intrusive.
"Just because it's going into the cloud," he noted, "that doesn't mean it's secure."
Twitter: @TonySemerad —
Common-Sense Tips for Cybersecurity
• Use multi-factor authentication (MFA) on all email accounts.
Hacked email accounts are especially damaging, because email is the main way passwords on other accounts are reset. Instead of typing in one password to log in, MFA requires two steps or more to ensure your real identity. You might answer a simple question, identify a picture or enter several key words to get access. MFA is available on major online services such as Gmail, Hotmail and Yahoo.
• Update or upgrade your home router.
They sit in a corner, blink lights and collect dust as though unimportant, but home routers can be highly vulnerable to hacking. Most owners do not change preinstalled passwords on their routers and do not regularly update their software with security patches.
• Be wary using public Wi-Fi on your mobile device.
Money-conscious smartphone users naturally prefer using free public Wi-Fi over a cellular connection that racks up bills on their data plans. But these links are risky. When using free Wi-Fi, avoid logging onto any accounts or trading personal information.
• Engage your privacy settings.
Web and mobile users may not be able to control all their personal information, but it's vital they understand what is being collected about them and what say they have in how it's used and how securely it's stored.
Source: National Cyber Security Alliance / staysafeonline.org