ITRC Fact Sheet 118 - PC Perfect
Information Safety Quiz
Please answer yes or no to each question. The key to scoring can be found at the bottom of this test.
If your computer connects to the Internet by any method:
1. Do you keep personal identifying information (PII), such as Social Security numbers, account numbers, passwords or financial records on a computer connected to the Internet?
2. Do you check the validity of site certificates when sending sensitive information to another website?
3. Do you check for locks (bottom right browser status line) or the notation that the site is secure (https:// = secure = lock in status line) prior to entering sensitive information to that site?
4. Do you trust those you share your PC with, i.e. co-workers, relatives and roommates?
5. Do you verify which of your folders are opened for sharing (open to others) when you use peer-to-peer file sharing software?
6. Do you password protect your personal login on your computer, so that only you can access your files?
7. Do you have software firewall protection on your computer, a hardware firewall, or both?
8. Do you check for security updates for your PC weekly, or use automatic updates?
9. Do you have a quality virus protection software package installed and allow it to update virus definitions automatically?
10. Do you run a full virus scan on your hard drive at least every week?
11. Do you have spyware protection software, and run a full spyware scan weekly?
12. Do you leave sensitive files open and unguarded, so that anyone walking by can read them?
13. Do you know how to properly erase sensitive files from your hard drive so that the files are unrecoverable when you dispose of your computer?
14. Do you open email documents, or attachments to email documents without verification of the sender?
15. Have you ever created a website in which you have included personal information, or given permission for personal information to be included on someone else’s site, including SSN, birth dates, or mother’s maiden name? This includes a resume, personal profile, professional profile, or a genealogical chart.
16. When using public computers (e.g. in libraries, cyber-cafes, etc.), do you make sure that you fully log off after connecting to a secure website (email, banking, etc), rather than just close down the browser?
17. At work, do you give out your user id and password to colleagues other than those in your IT department, just in case they need to access some material on your hard drive or email during your absence?
18. Do you give any of your personal information to telephone solicitors or to people who send Internet emails?
19. Do you send sensitive personal information via email? Sensitive personal information may include SSN, account verification information, financial account numbers, PIN numbers, DoB, Driver’s License Number, etc.
20. Do you stay aware of new scams, such as phishing and other e-scams?
Answers: Give yourself one point for each correct answer.
1. NO - You must safeguard your information if you are going to store it on your computer. However, if you must store personal information on your computer, encryption is necessary.
2. YES - Without certification you don’t know if the company is real or the information is being transmitted safely.
3. YES - These locks and https codes help you know that you are transmitting via a safe system. If the padlock is open, do not transmit sensitive information!
4. NO - Unfortunately in today’s world, no one is beyond temptation. No one should have access to your sensitive information except you.
5. YES - Only allow others access to information that you wish to be publicly known. If you don’t want to see it in the newspaper, do not entrust it to others by inadvertently sharing folders. See ITRC Solution 19 – File Sharing and Peer-to-Peer Software Safety.
6. YES - This is an important issue for both personal and business computers. Even if you are the only person who lives in the house, you may have a houseguest who goes through your computer when you are sleeping. In a business setting, computer security is critical and personal information must be kept as secure as any other proprietary information.
7. YES - Firewalls keep other computers from accessing your local computer information while you are connected to the Internet. You can purchase software or hardware firewalls, or you may find that your Internet provider already has firewall systems in place. Most new “wireless routers” also have reasonably good built-in hardware firewalls.
8. YES - Installing a firewall is important but keeping it updated against new viruses and computer hacking systems is just as important. These are almost always free downloads, i.e.: Windows Update, Linksys or Netgear router upgrades, etc.
9. YES - Again, new viruses are being created daily. Keep your protection current. It is best to have it set to automatically update the virus definitions as needed. You may also want to visit Trend Micro for some free antivirus tools http://free.antivirus.com/
10. YES - same answer as above. Remember, virus scanners must use current definitions in order to catch current viruses!
11. YES - Some tools you may want to investigate are Spybot Search & Destroy – www.safer-networking.org and Trend Micro’s Clean-up tools. These are free downloads to single users.
12. NO - The same rule applies as for question #5. The only things that should be visible to others would be information you would allow to be publicly displayed.
13. YES - However, you may only answer “yes” if you understand that sending an email or file to “delete” is not deleting a file. They can still be recovered. There are special software programs that will completely overwrite the information so that it is almost irretrievable. If in doubt, remove and keep the hard drive before giving away a used computer.
14. NO - Opening an attached document, executable file (.exe or .bat.com) or screensaver attachment from someone you do not know is asking for trouble. This is a very common way to send viruses or Trojan horse programs that could destroy not only your computer but the computers of anyone in your computer email address book. It could also allow a remote user to gain complete access and control of your computer. Common sense and good Antivirus programs are a must to avoid these threats.
15. NO - Identity thieves surf for this information, and spammers also “harvest” email addresses. Never include SSN, birth dates or mother’s maiden names on resumes or genealogical charts posted to the web. Another tip- do not give out this information to “head hunters” who just call and ask for it so that they can do a background check. Please read ITRC Fact Sheet 121 on Identity Theft and Job Seekers for additional information. Also please read ITRC Fact Sheet 138 on Social Networking.
16. YES - Some sites maintain that you are logged-on until you either log off manually or your browser session or connection becomes inactive after “x” number of minutes, aka "timeout". If you merely close down the browser without properly logging off, the person that uses the PC immediately after you could check your history list, return to a secure website and have the access you did. The safest practice is to manually log off and to flush the browser's history and temporary files. Better yet, we recommend that you not use public PCs for engaging in sensitive website visits, transactions, etc.
17. NO - In addition to possible information theft, you are probably in violation of your company’s policy for computer and company security, which could cost you your job. Also, refer to answer #4
18. NO - First, you don’t know who has sent this email. Second, you don’t know the sender’s intent. This is not a safe practice. Too many people fall victim to identity theft through this type of scam.
19. NO - Unless you personally verify with the sending company, via a customer service number which comes with billing information, you cannot be sure that this is not a scam or “Phishing”. Too many scams look like they were sent by the real company. See the Check URL Safety Widget from Trend Micro. Again, keep up-to-date with the ITRC scam alert pages.
20. YES - ITRC is linked with several Internet scam monitoring programs. It is updated regularly. You may also email us about any concerning emails you receive.
Clearly the higher your score, the safer you are. We hope that you have learned some valuable tips as well. If you answered any question incorrectly it is time to rethink how you handle sensitive information. ITRC Fact Sheet 119 - Direct Connections to the Internet will help you understand computer safety.
This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to firstname.lastname@example.org
Copyright 2010, Identity Theft Resource Center®, all rights reserved. Created by ITRC