Calgary Herald

A16

Thursday, September 11, 2008

XX PAGELABEL XX

BANKING SECURITY

Breaking news at calgaryherald.com

ONLINE SECURITY

Social networking sites raise privacy concerns JULIE BEUN-CHOWN FOR CANWEST NEWS SERVICE

It’s the kind of story usually dismissed as urban legend — but this time, it’s true. In June, 20-year-old Joshua Lipton was found guilty over a drunk driving incident that seriously injured another driver. That he was charged wasn’t surprising. What was shocking was that the prosecutor in the case found an incriminating Facebook picture of Lipton at a Halloween party held two weeks after the accident, showing him dressed as a jailbird and sticking out his tongue. In court, the prosecutor offered it as evidence of Lipton’s unrepentant ways. The judge concurred and gave the Rhode Island man a two-year sentence. It wasn’t the first time personal content on social networking sites — such as FaceAshley Fraser, Canwest News Service book, MySpace, YouTube, Bebo Ben Watson, pictured with his 14-year-old son, Sawyer, says and even blogs — have been it’s up to online users to protect their information. used by employers, police and institutions to keep tabs on in- would use their online revela- definition between public and dividuals and take action tions against them grows daily, private lives, he adds. “Now, it’s not just celebrities against them. the responsibility ultimately who are subject to public For the generation brought lies with members themselves. up with the Internet as their “The Internet is an echo scrutiny, but everyone. Our priplayground, like 18-year-old chamber that amplifies your vacy is being eroded daily, peMalcolm Taylor, for Canwest News Service Kayleigh Kristiansen, such acvoice and everything you do, riod.” Since most hackers today break into web applications, firewalls are no longer enough to en- tions are akin to a stranger loi- times 100,” says Watson, who That undefined line has been sure safe online banking, says Stewart Wolfe of KPMG LLP. tering at the gate. has a 14-year-old son, Sawyer. the subject of much criticism “People my age aren’t wor“So if you’re an idiot, it’s no aimed at social networking sites ried about privacy issues, be- longer just your neighbours, like Facebook. cause we’re so used to having but the world that knows it. We The University of Ottawaeverything about ourselves on absolutely need to be more based Canadian Internet Policy the Internet,” says the Oro- careful about what we put out and Public Interest Clinic rethere.” cently filed a complaint with mocto, N.B., student. It’s a point made more the Privacy Commissioner of “But it’s being turned around on us. We use social network- poignant by that fact every Canada over what it says is the ing to express ourselves. And post, uplink and video added site’s failure to tell members the fact that employers or the leaves a permanent Internet how their personal data is dispolice will use that against us is fingerprint that can be impossi- closed to third parties and soble to erase, says Riel Rous- cial advertising. detrimental.” In July, Facebook announced It’s the price we will continue sopoulos, CEO of the Vancouto pay for the Age of Internet, ver-based Internet marketing new measures to deal with such says Ben Watson, a social me- and development company criticisms, with Facebook ConJEFF BUCKSTEIN unauthorized account access, nect, a new application that will dia advocate who has worked IXLD Media Inc. FOR CANWEST NEWS SERVICE multiple levels of firewalls and Tips for online “This is critical,” he says. allow Facebook users to easily on networking for giants like 128-bit encryption to ensure Yahoo, Microsoft and Adobe, “Young people are not thinking carry their data, profiles, friends nline banking clients the safety of data passing bebanking clients and is currently vice-president about the fact that, 20 years and photos to partner sites. are a potential target as tween parties. If users sign the consent — of marketing for the Ottawa- from now when they’re a CEO, increasingly sophistiLee Dunn, vice-president CANWEST NEWS SERVICE a video they posted of them- there’s no obligation to do so — based start up, Overlay.TV. cated Internet attacks aim to and chief information security While he admits the potential selves dancing drunk at age 18 sites can then mine only the grab critical financial informa- officer at BMO, says the enHere are some tips from the profile information the user is collision between social net- will pop up on YouTube.” tion. experts on how online bankhanced sign-in features include It’s a situation that begs for willing to share. work users and those who Today’s attacks are taking a personalized graphic and ing clients can protect themplace more frequently and customized phrase users select selves against phishing attacks — phoney e-mails that faster than ever before. Banks to appear after they enter their attempt to extract valuable and other protectors of sensi- card number. personal financial informative online information now This graphic and phrase tion. face threats from so-called combination helps identify the “zero-day” attacks, says George website’s authenticity, after ■ Be aware that authentic Kerns, president and chief ex- which the user can sign in with banks will never request their ecutive officer of Fusepoint their personal identification clients divulge personal inforManaged Services Inc., a man- number. mation, such as account aged information technology numbers and passwords, in This works two ways: solutions provider headquaran e-mail. “It gives the customer a contered in Mississauga, Ont. ■ Authenticate the website fident feeling they are at a le“The whole point of a zero- gitimate website” and also proyou are going to is genuine by day (attack) means that within vides the bank with assurance verifying that it has a secure 24 hours of most things being the customer is who they pursockets layer (SSL) certifiknown, they’re exploited.” port to be, she says. cate. Consequently “there’s very lit■ Never click on a link in a BMO also monitors sign-in tle time to be able to fix it be- patterns. If, for instance, a persuspicious e-mail. Instead search out an official bank fore there’s some kind of im- son signs on to his or her acURL site via your browser bar. pact.” count away from the computer ■ Never download an attachThe banking industry in site her or she normally transment from a suspicious eCanada devotes substantial act from, the bank will prompt mail. It may consist of a virus time, effort and money to com- them with a series of suppleor spyware. bat such threats, stresses mentary, pre-selected personal■ Contact your bank immediMaura Drew-Lytle, director of ized questions to make sure it is ately if you suspect somemedia relations and communi- indeed the client who is atcations with the Canadian tempting to sign on, explains body has tried to emulate Bankers Association (CBA) in Dunn. them online. Toronto. But firewalls alone don’t According to the CBA, provide enough security. clients of the six largest Cana- While a firewall can act as an “spoof site,” which mimics the dian banks alone — RBC Royal infrastructure layer to try to appearance of an authentic Bank, BMO Bank of Montreal, prevent unauthorized access site, says Darrell MacMullin, TD Bank, Scotiabank, CIBC for certain services, “most country manager for PayPal and National Bank of Canada hackers today break into the Canada, an online payment so— went online to record nearly web applications,” which in an lutions provider. 394 million financial transac- online, worldwide banking enOften such correspondence tions in 2007. vironment allows them to involves urgent requests for In 2006, those same banks more easily bypass firewalls, banking clients to validate spent $4.4 billion on their tech- says Stewart Wolfe, KPMG their credentials or register for nology in- LLP’s leader of security ser- a type of service when they log f r a s t r u c - vices for the Greater Toronto onto a false site with their user ture; be- area. name and password, so perpet w e e n “Although application layer trators can capture the sensi1996 and firewalls provide a level of pro- tive personal information 2006, in- tection, the secure coding of needed to commit further c l u s i v e , applications from initial devel- crimes, adds Wolfe. they in- opment to production release “A bank will never send you v e s t e d is key to providing Internet an e-mail asking you to verify $37.6 bil- banking web applications that your personal information,” lion. are more resistant to malicious says Drew-Lytle. “They already “ T h e penetration attempts,” he says. have it.” banks have This is one reason why addiConsequently, it’s essential a lot of tional protection, such as a se- for users to authenticate that p e r s o n a l cure sockets layer (SSL) cer- the website they enter is genf i n a n c i a l tificate issued by an authorized uine, and never give out sensii n f o r m a - third-party to certify that a web tive financial information untion on server belongs to the company less they are certain it is. their cus- it purports to be is essential. The best way to do this, . tomers, so Such certificates include 128- Wolfe says, is to verify the SSL they un- bit encryption. certificate by clicking on the Feel invincible online with the most comprehensive suite of security services. Protect your derstand From a user standpoint, “if I lock displayed by the browser. personal information with our Firewall and Anti-Spyware, automatically detect and delete that pro- connected to a bank, and didn’t A lock icon will appear when t e c t i n g see an SSL certificate, I would- the address prefix in the harmful viruses with Anti-Virus software, and rest easy with added security features like GEORGE KERNS, that is cer- n’t start putting in my user browser bar changes from http Parental Control and Anti-Fraud. Best of all, there’s no extra cost. FUSEPOINT tainly one name and password because I to https. MANAGED of their couldn’t be guaranteed that If clients are contacted by SERVICES INC. most im- session is encrypted,” says somebody phishing for inforAdd High Speed to a bundle and save over 15%.* p o r t a n t Wolfe. mation illegally, they need to jobs,” says Drew-Lytle. Customers can also arm contact their bank immedi“The banks are always imple- themselves by becoming aware ately, the experts say. menting new security proce- of the threats they may face If they have already provided dures” to ensure customer and what to do about them. information, they also need to safety, she adds. Phishing attacks, for in- quickly issue a fraud alert and BMO Bank of Montreal, for stance, are a prime example of contact other parties, such as instance, offers clients a num- a malicious attempt to exploit their credit card issuer, to let ber of protective measures. banks and their customers. them know what has happened SAA79089 These include enhanced signThe idea of a phishing e-mail to try and prevent further damin security to help prevent is to get users on to a so-called age.

Online banking faces new threats

O

Never fear, safer Internet is here.

❝ The whole point of a zero-day (attack) means that, within 24 hours of most things being known, they’re exploited ❞

Get the most secure High Speed access