A16 Thursday, September 11, 2008 XX PAGELABEL XX Breaking news at calgaryherald.

com

BANKING SECURITY ONLINE SECURITY

Social networking sites

raise privacy concerns
JULIE BEUN-CHOWN
FOR CANWEST NEWS SERVICE

It’s the kind of story usually

dismissed as urban legend —
but this time, it’s true.
In June, 20-year-old Joshua
Lipton was found guilty over a
drunk driving incident that seri-
ously injured another driver.
That he was charged wasn’t
surprising. What was shocking
was that the prosecutor in the
case found an incriminating
Facebook picture of Lipton at a
Halloween party held two
weeks after the accident, show-
ing him dressed as a jailbird and
sticking out his tongue.
In court, the prosecutor of-
fered it as evidence of Lipton’s
unrepentant ways. The judge
concurred and gave the Rhode
Island man a two-year sen-
tence.
It wasn’t the first time per-
sonal content on social net-
working sites — such as Face- Ashley Fraser, Canwest News Service
book, MySpace, YouTube, Bebo Ben Watson, pictured with his 14-year-old son, Sawyer, says
and even blogs — have been it’s up to online users to protect their information.
used by employers, police and
institutions to keep tabs on in- would use their online revela- definition between public and
dividuals and take action tions against them grows daily, private lives, he adds.
against them. the responsibility ultimately “Now, it’s not just celebrities
For the generation brought lies with members themselves. who are subject to public
up with the Internet as their “The Internet is an echo scrutiny, but everyone. Our pri-
playground, like 18-year-old chamber that amplifies your vacy is being eroded daily, pe-
Malcolm Taylor, for Canwest News Service Kayleigh Kristiansen, such ac- voice and everything you do, riod.”
Since most hackers today break into web applications, firewalls are no longer enough to en- tions are akin to a stranger loi- times 100,” says Watson, who That undefined line has been
sure safe online banking, says Stewart Wolfe of KPMG LLP. tering at the gate. has a 14-year-old son, Sawyer. the subject of much criticism
“People my age aren’t wor- “So if you’re an idiot, it’s no aimed at social networking sites

Online banking
ried about privacy issues, be- longer just your neighbours, like Facebook.
cause we’re so used to having but the world that knows it. We The University of Ottawa-
everything about ourselves on absolutely need to be more based Canadian Internet Policy
the Internet,” says the Oro- careful about what we put out and Public Interest Clinic re-
mocto, N.B., student. there.” cently filed a complaint with
“But it’s being turned around It’s a point made more the Privacy Commissioner of

faces new threats

JEFF BUCKSTEIN
FOR CANWEST NEWS SERVICE
unauthorized account access,
multiple levels of firewalls and
128-bit encryption to ensure
on us. We use social network- poignant by that fact every Canada over what it says is the
ing to express ourselves. And post, uplink and video added site’s failure to tell members
the fact that employers or the leaves a permanent Internet how their personal data is dis-
police will use that against us is fingerprint that can be impossi- closed to third parties and so-
detrimental.” ble to erase, says Riel Rous- cial advertising.
It’s the price we will continue sopoulos, CEO of the Vancou- In July, Facebook announced
to pay for the Age of Internet, ver-based Internet marketing new measures to deal with such
says Ben Watson, a social me- and development company criticisms, with Facebook Con-
dia advocate who has worked IXLD Media Inc. nect, a new application that will
Tips for online on networking for giants like “This is critical,” he says. allow Facebook users to easily

O
nline banking clients the safety of data passing be- banking clients Yahoo, Microsoft and Adobe, “Young people are not thinking carry their data, profiles, friends
are a potential target as tween parties. and is currently vice-president about the fact that, 20 years and photos to partner sites.
increasingly sophisti- Lee Dunn, vice-president of marketing for the Ottawa- from now when they’re a CEO, If users sign the consent —
CANWEST NEWS SERVICE
cated Internet attacks aim to and chief information security based start up, Overlay.TV. a video they posted of them- there’s no obligation to do so —
grab critical financial informa- officer at BMO, says the en- Here are some tips from the While he admits the potential selves dancing drunk at age 18 sites can then mine only the
tion. hanced sign-in features include experts on how online bank- collision between social net- will pop up on YouTube.” profile information the user is
Today’s attacks are taking a personalized graphic and ing clients can protect them- work users and those who It’s a situation that begs for willing to share.
place more frequently and customized phrase users select selves against phishing at-
faster than ever before. Banks to appear after they enter their tacks — phoney e-mails that
and other protectors of sensi- card number. attempt to extract valuable
tive online information now This graphic and phrase personal financial informa-
face threats from so-called combination helps identify the tion.
“zero-day” attacks, says George website’s authenticity, after ■ Be aware that authentic
Kerns, president and chief ex- which the user can sign in with banks will never request their
ecutive officer of Fusepoint their personal identification clients divulge personal infor-

Never fear,
Managed Services Inc., a man- number. mation, such as account
aged information technology This works two ways: numbers and passwords, in
solutions provider headquar- “It gives the customer a con- an e-mail.
tered in Mississauga, Ont. fident feeling they are at a le- ■ Authenticate the website
“The whole point of a zero- gitimate website” and also pro- you are going to is genuine by
day (attack) means that within vides the bank with assurance verifying that it has a secure

safer Internet
24 hours of most things being the customer is who they pur- sockets layer (SSL) certifi-
known, they’re exploited.” port to be, she says. cate.
Consequently “there’s very lit- BMO also monitors sign-in ■ Never click on a link in a
tle time to be able to fix it be- patterns. If, for instance, a per- suspicious e-mail. Instead
fore there’s some kind of im- son signs on to his or her ac- search out an official bank
pact.” count away from the computer URL site via your browser bar.

is here.
The banking industry in site her or she normally trans- ■ Never download an attach-
Canada devotes substantial act from, the bank will prompt ment from a suspicious e-
time, effort and money to com- them with a series of supple- mail. It may consist of a virus
bat such threats, stresses mentary, pre-selected personal- or spyware.
Maura Drew-Lytle, director of ized questions to make sure it is ■ Contact your bank immedi-
media relations and communi- indeed the client who is at- ately if you suspect some-
cations with the Canadian tempting to sign on, explains body has tried to emulate
Bankers Association (CBA) in Dunn. them online.
Toronto. But firewalls alone don’t
According to the CBA, provide enough security.
clients of the six largest Cana- While a firewall can act as an “spoof site,” which mimics the
dian banks alone — RBC Royal infrastructure layer to try to appearance of an authentic
Bank, BMO Bank of Montreal, prevent unauthorized access site, says Darrell MacMullin,
TD Bank, Scotiabank, CIBC for certain services, “most country manager for PayPal
and National Bank of Canada hackers today break into the Canada, an online payment so-
— went online to record nearly web applications,” which in an lutions provider.
394 million financial transac- online, worldwide banking en- Often such correspondence
tions in 2007. vironment allows them to involves urgent requests for
In 2006, those same banks more easily bypass firewalls, banking clients to validate
spent $4.4 billion on their tech- says Stewart Wolfe, KPMG their credentials or register for
nology in- LLP’s leader of security ser- a type of service when they log
❝ f r a s t r u c - vices for the Greater Toronto onto a false site with their user
ture; be- area. name and password, so perpe-
The whole t w e e n “Although application layer trators can capture the sensi-
point of a 1996 and firewalls provide a level of pro- tive personal information
2006, in- tection, the secure coding of needed to commit further
zero-day c l u s i v e , applications from initial devel- crimes, adds Wolfe.
(attack) they in- opment to production release “A bank will never send you
v e s t e d is key to providing Internet an e-mail asking you to verify
means $37.6 bil- banking web applications that your personal information,”
that, within lion. are more resistant to malicious says Drew-Lytle. “They already
“ T h e penetration attempts,” he says. have it.”
24 hours banks have This is one reason why addi- Consequently, it’s essential
a lot of tional protection, such as a se- for users to authenticate that
of most p e r s o n a l cure sockets layer (SSL) cer- the website they enter is gen-
things f i n a n c i a l tificate issued by an authorized uine, and never give out sensi-
i n f o r m a - third-party to certify that a web tive financial information un-
being tion on server belongs to the company less they are certain it is.
known, their cus- it purports to be is essential. The best way to do this,
tomers, so Such certificates include 128- Wolfe says, is to verify the SSL Get the most secure High Speed access .
they’re they un- bit encryption. certificate by clicking on the
Feel invincible online with the most comprehensive suite of security services. Protect your
exploited derstand From a user standpoint, “if I lock displayed by the browser.
that pro- connected to a bank, and didn’t A lock icon will appear when personal information with our Firewall and Anti-Spyware, automatically detect and delete
❞ t e c t i n g see an SSL certificate, I would- the address prefix in the harmful viruses with Anti-Virus software, and rest easy with added security features like
GEORGE KERNS, that is cer- n’t start putting in my user browser bar changes from http
Parental Control and Anti-Fraud. Best of all, there’s no extra cost.
FUSEPOINT tainly one name and password because I to https.
MANAGED of their couldn’t be guaranteed that If clients are contacted by
SERVICES INC. most im- session is encrypted,” says somebody phishing for infor- Add High Speed to a bundle and save over 15%.*
p o r t a n t Wolfe. mation illegally, they need to
jobs,” says Drew-Lytle. Customers can also arm contact their bank immedi-
“The banks are always imple- themselves by becoming aware ately, the experts say.
menting new security proce- of the threats they may face If they have already provided
dures” to ensure customer and what to do about them. information, they also need to
safety, she adds. Phishing attacks, for in- quickly issue a fraud alert and
BMO Bank of Montreal, for stance, are a prime example of contact other parties, such as
instance, offers clients a num- a malicious attempt to exploit their credit card issuer, to let
ber of protective measures. banks and their customers. them know what has happened SAA79089
These include enhanced sign- The idea of a phishing e-mail to try and prevent further dam-
in security to help prevent is to get users on to a so-called age.