|
(ISC)2: 8 Out Of 10 People Revealing Sensitive Personal Data Online
Despite Concerns Of Data Misuse And Identity Fraud; (ISC)2 survey
highlights need for marketers to change data collection practices
(M2 PressWIRE Via Acquire Media NewsEdge)
RDATE:10112008
London, UK -- 84 percent of the UK public are revealing highly
sensitive personal data online, such as postcode and date of birth,
according to the results of a survey announced today of more than 1500
UK residents aged 16 and over. Of the people who reveal their personal
data online, 86 percent said they reveal their postcode and 84 percent
their date of birth. Over a third (34 percent) also reveal their
mother's maiden name, 29 percent reveal their place of birth and 10
percent give bank account information. Personal information is revealed
even though 79 percent of those surveyed are concerned about fraud.
Tickbox.net conducted the survey for the world's largest member
organisation of information security professionals, (ISC)2.
Fraudsters can gain access to your public and private records with
personal information such as your date of birth or your mother's maiden
name. Despite this fact, marketers continue to require people to
register these details before they shop online, join a social
networking group or receive regular updates/newsletters. "People are
aware of the dangers of providing personal and highly sensitive data
online - such as date of birth and mother's maiden name and bank
details - but they still do," said John Colley, managing director EMEA
for (ISC)2 and former information security professional for some of the
UK's largest banks. "This makes it easy for criminals to find and use
their personal data for identity theft and fraud."
"Websites should not be forcing - or even asking - people to submit
these personal details about themselves. Consumers that want to shop
online or sign up to receive information or join a social network for
example, often have no choice if they want to proceed with their
transaction. Yet we would never give this information to a shop
assistant or someone surveying us in the street. It's time that
marketers changed their data collection practices and stop asking
people to reveal sensitive data online," said Colley.
When giving personal information online, most people (76 percent) try
to ensure that the site is secure and will protect their personal
information. 76 percent tick the box asking for their details to remain
confidential and 14 percent seek third party re-assurance that the site
is legitimate. 11 percent research the site's validity with a relevant
industry body.
"Even when a company says it will protect consumer information, there
are no guarantees that its own network or Website may not be
infiltrated by Cyber-criminals and, in turn, lose data," said Colley.
Already this year, there have been numerous cases of personal data
theft - such as The Home Office's loss of data on all 84,000 prisoners
in England and Wales; the loss of data for more than 25 million child
benefit claimants by HM Revenue and Customs and the loss of 370,000
customer records by banking giant HSBC. "Ticking the �keep information
private' box is no longer enough. We shouldn't be asking people to give
this information," said Colley.
These results come weeks after online consumers were warned to make
better checks on the amount of personal information being held about
them after a survey by the Information Commissioner's Office said 95
percent of people considered their personal information valuable.
The (ISC)2 survey also highlighted that:
-- Most respondents (88 percent) provide personal information online
more than once or twice a week and one in ten people reveal their
personal details more frequently (9-10 times per week) (11 percent);
-- Younger adults (ages 16-24) were less likely than other age groups
to reveal highly sensitive data pointing to the increased awareness in
this age group of the risks of data misuse online (5 percent do not
give any personal information online);
-- Older people are less likely to look for re-assurance that a website
is legitimate from a third party. 40.2 percent of people ages 16-24
said they got re-assurance from a third party site of a website's
legitimacy before they gave personal information away. This drops to18
percent for the 25-34 age group, 12 percent for the 35-44 age group, 11
percent for the 45-54 age group and continues to a mere 7 percent in
the over 55 age group;
-- 79 percent of participants are concerned about their personal
information online. While 49 percent of respondents were somewhat
concerned about whether their personal information was used for
fraudulent purposes, 30 percent were definitely concerned and 19
percent were not really concerned. Only 2 percent of respondents were
not at all concerned. Women were fractionally more concerned than men
(81 percent vs. 77 percent of men).
Tips for keeping personal information safe.
When giving information about yourself online you should:
1. Always check the �keep information private box' to ensure that the
company you have provided information to does not pass on your details
to third parties;
2. Don't enter any personal information on a Website that does not have
a Web address that starts with �https://' and ensure there is a small
yellow padlock in the frame of the web browser window;
3. Never give anyone your user ID, PIN or password, even if they appear
to be a representative of a trusted firm;
4. Be wary of emails that appear to come from banks, credit card or
other trusted companies, asking you to update security information.
Banks will never communicate with you in this way;
5. Don't give out personal information unless you initiated the contact
and are sure you know who you're dealing with. You wouldn't disclose
this information to someone in the street so why do it online;
6. Always type in the Web address of trusted Websites into the browser
yourself instead of clicking on the links in emails. This will ensure
that you have not been redirected to a hoax site;
7. Avoid using your real name and date of birth online (e.g. on social
networking sites);
8. Be cautious of �fast friends' that you meet online and ask you to
reveal personal information;
9. Be wary of disclosing personal information on a work or personal
Website;
10. Use secure, trusted Websites when shopping online.
About (ISC)" The International Information Systems Security
Certification Consortium, Inc. [(ISC)2 ] is the globally recognised
Gold Standard for certifying information security professionals. Since
1989 (ISC)" has certified over 60,000 information security
professionals in over 130 countries with certifications such as the
Certified Information Systems Security Professional (CISSP) and related
concentrations, Certified Secure Software Lifecycle Professional
(CSSLPCM), and Systems Security Certified Practitioner (SSCP)
credentials to those meeting necessary competency requirements. (ISC)"
also offers a continuing professional education program, a portfolio of
education products and services based upon (ISC)2's CBK , a compendium
of information security topics, and is committed to promoting
information security awareness and best practice among practitioners,
businesses and the general public.
2008, (ISC)2 Inc. (ISC)", CISSP, ISSAP, ISSMP, ISSEP, SSCP and CBK are
registered marks of (ISC)", Inc.
CONTACT: Teresa Horscroft, PR Consultant for (ISC)2 Europe
Tel: +44 (0)1420 564 346
Tel: +44 (0)7990 520 390
e-mail: teresa.horscroft@btinternet.com
WWW: http://www.isc2.org
((M2 Communications Ltd disclaims all liability for information
provided within M2 PressWIRE. Data supplied by named party/parties.
Further information on M2 PressWIRE can be obtained at
http://www.presswire.net on the world wide web. Inquiries to
info@m2.com)).
Copyright ? 2008 M2 Communications Ltd.
[ Back To cable.tmcnet.com's Homepage ]
|