Fact Sheet 118  PC Perfect
Information Safety Quiz

Please answer yes or no to each question. The key to scoring can be found at the bottom of this test. Don’t cheat and look ahead. What is your “PC (Personal Communication)” handling score?
 
If your computer connects to the Internet by any method:

1. Do you keep highly sensitive information (Social Security numbers- SSN, account numbers, passwords or financial records) on your connected PC?
2. Do you check the validity of site certificates when sending sensitive information to another website?
3. Do you check for locks (bottom right browser status line) or the notation that the site is secure (https:// = secure = lock in status line) prior to entering sensitive information to that site?
4. Do you fully trust those you share your PC with? This includes co-workers, relatives and roommates.
5. If you use file-sharing programs, have you verified which of your folders are opened for sharing by others who use the program?  These folders are available for anyone to see, modify or copy.
6. Do you password protect your computer so only you can access your files?
7. Do you have software firewall protection on your computer, or a hardware firewall, or both? 
8. Do you check for updated firewall patches/upgrades at least every month?
9. Do you have virus protection installed and update virus definitions automatically?
10. Do you run a full virus scan on your hard drive at least every 2 weeks?
11. Do you have spyware protection and regularly (once a month) run a full spyware scan?
12. Do you leave sensitive files open and unguarded so that anyone walking by can read them?
13. Do you know how to properly delete files so that they are unrecoverable in the event you give away your computer?
14. Do you open email documents, executable or screensaver attachments from unknown sources?
15. Have you created a website in which you have included personal information or given permission for this information to be included on someone else’s site including SSN, birth dates, or mother’s maiden name? This might include a resume or a genealogical chart.
16. When using public PCs (eg. in libraries, cyber-cafes, etc.), do you make sure that you fully log off a secure website (email, banking, etc) rather than just close down the browser?
17. At work, do you give out your user id and password to colleagues other than your managers, just in case they need to access some material on your hard drive or email during your absence?
18. Do you give your personal information to telephone solicitors or to people who send Internet emails?
19. Do you provide personal information via emails from reputable websites with whom you may or may not have done business? This information may include SSN, account verification information, financial account numbers.
20. Do you keep up with scam alerts, such as phishing and other e-scams? 
21. Do you discard papers with sensitive information into your garbage can/recycle bin without cross cut shredding or making it unreadable? This includes pre-approved credit card offers, account statements, health insurance benefit statements, balance forward checks, cash register receipts with credit card info on them and tax records.
22. Do you give out your SSN/SIN number without asking for justification for the request?

Points:  Give yourself one point for each correct answer. The correct answers are in CAPS.

1. If you encrypt the information the answer can be YES. If you don’t encrypt, the answer should be definitely be NO for your most sensitive information. You must safeguard your information if you are going to store it on your computer and encrypting keeps data safe from intrusion.
2. YES - Without certification you don’t know if the company is real or the information is being transmitted safely.
3. YES - These locks and https codes help you know that you are transmitting via a safe system. If the padlock is open, do not transmit sensitive information!
4. NO - Unfortunately in today’s world, no one is beyond temptation. No one should have access to your sensitive information except you. Did you know that about 14-20% of all ID theft cases involve a person that the victim knew and trusted?
5. YES - Only allow others access to information that you wish to be publicly known. If you would not allow it to be in the newspaper, do not entrust it to others by inadvertently sharing folders.
6. YES - This is an important issue for both personal and business computers. Even if you are the only person who lives in the house, you may have a houseguest who goes through your computer when you are sleeping. In a business setting, computer security is critical and personal information must be kept as secure as any other proprietary information.
7. YES - Firewalls keep other computers from accessing your local computer information while you are connected to the Internet. You can purchase software or hardware firewalls, get free shareware ( www.zonealarm.com ) or you may find that your Internet Provider already has firewall systems in place.  Most newer “wireless routers” also have reasonably good built-in hardware firewalls. 
8. YES - Installing a firewall is important but keeping it updated against new viruses and computer hacking systems if just as important.  These are almost always free downloads, i.e.: Windows Update, Linksys or Netgear router upgrades, etc.
9. YES - Again, new viruses are being created daily. Keep your protection current.  It is best to have it set to automatically update the virus definitions as needed.
10. YES - same answer as above.  Remember, virus scanners must use current definitions in order to catch current viruses!
11. YES - Some tools you may want to investigate are Ad-Aware and Spybot Search & Destroy.  They are free downloads to single users.  They are the leading manufacturers of such tools on the Internet. 
12. NO - The same rule applies as for question #5. The only things that should be visible to others would be information you would allow to be publicly displayed.
13. YES - However, you may only answer “yes” if you understand that sending an email or file to “delete” is not deleting a file. They can be recovered.  There are special software programs that will completely overwrite the information so that it is almost irretrievable.  If in doubt, remove and keep the hard drive before giving away a used computer. 
14. NO - Opening an attached document, executable file (.exe or .bat.com) or screensaver attachment from someone you do not know is asking for trouble. This is a very common way to send viruses or Trojan horse programs that could destroy not only your computer but the computers of anyone in your computer email address book, or allow a remote user to gain complete access and control of your computer.  Common sense and good Antivirus programs are a must to avoid these threats.
15. NO - ID thieves surf for this information, and spammers also “harvest” email addresses.  Never include SSN, birth dates or mother’s maiden names on resumes or genealogical charts posted to the web. Another tip- do not give out this information to “head hunters” who just call and ask for it so that they can do a background check. Please read our guide on ID Theft and Job Seekers for additional information.
16. YES - Some sites maintain that you are logged-on until you either log off manually or your browser session or connection becomes inactive after “x” number of minutes, aka "timeout". If you merely close down the browser without properly logging off, the person that uses the PC immediately after you could check your history list, return to a secure website and have the access you did. The safest practice is to manually log off and to flush the browser's history and temporary files. Better yet, we recommend that you not use public PCs for engaging in sensitive website visits, transactions, etc.
17. NO - In addition to possible information theft, you are probably in violation of your company’s policy for computer and company security, which could cost you your job.  Also, refer to answer #4
18. NO - First, you don’t know who has sent this email. Second, you don’t know the sender’s intent. This is not a safe practice. Too many people fall victim to identity theft through this type of scam.
19. NO - Unless you personally verify with the sending company via a customer service number which comes with billing information, you cannot be sure that this is not a scam or “Phishing”. Too many scams look like they were sent by the real company. Again, keep up to date with the ITRC scam alert pages.
20. YES - ITRC is linked with several Internet scam monitoring programs. It is updated regularly. You may also email us about any concerning emails you receive.
21. NO - A crosscut shredding is a valuable piece of equipment in the home and in the workplace. Those people who go through your trash late at night are not looking for aluminum cans. In the workplace, tossing papers with sensitive information could cause you to be a defendant in a liability lawsuit, or to lose your job.
22. NO - There are only several reasons a company needs your SSN.  Those include the establishment of a credit service (credit card, tenancy, utility service), banking services, taxes, or to pawn an expensive item. Many companies ask for information they do not need. Ask questions. If the answer is unacceptable speak with a supervisor or take your business elsewhere.

Clearly the higher your score, the safer you are. We hope that you have learned some valuable tips as well. If you answered any question incorrectly it is time to rethink how you handle sensitive information. Fact Sheet 119 Direct Connections to the Internet will help you understand computer safety.

Copyright 2005, revised 2/2007, Identity Theft Resource Center®, all rights reserved.
Created by ITRC
This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to ITRC.  ITRC thanks the CRAs in providing material for this guide.