You can’t help but wonder, if the U.S. Defense Department can be hacked and attacked from the inside-out,  just how safe is the personal data belonging to the average U.S. citizen?

Here are 10 tips from the Better Business Bureau to help keep you safe online not just during the holidays, but all year long.

The BBB offers this advice:

1. Protect your computer – A computer should always have the most recent updates installed for spam filters, anti-virus and anti-spyware software and a secure firewall.

2. Shop on trustworthy websites – Shoppers should start with BBB to check on the seller’s reputation and record for customer satisfaction. Always look for the BBB seal and other widely-recognized “trustmarks” on retailer websites and click on the seals to confirm that they are valid.

3. Protect your personal information – BBB recommends taking the time to read the site’s privacy policy and understand what personal information is being requested and how it will be used. If there isn’t one posted, it should be taken as a red flag that personal information may be sold to others without permission.

4. Beware of deals that sound too good to be true – Offers on websites and in unsolicited e-mails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a “deal” that might cost them dearly in the end.

5. Beware of phishing – Legitimate businesses do not send e-mails claiming problems with an order or an account to lure the “buyer” into revealing financial information. If a consumer receives such an e-mail, BBB recommends picking up the phone and calling the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction.

6. Confirm your online purchase is secure – Shoppers should always look in the address box for the “s” in https:// and in the lower-right corner for the “lock” symbol before paying. If there are any doubts about a site, BBB recommends right-clicking anywhere on the page and select “Properties.” This will let you see the real URL (website address) and the dialog box will reveal if the site is not encrypted.

7. Pay with a credit card – It’s best to use a credit card, because under federal law, the shopper can dispute the charges if he or she doesn’t receive the item. Shoppers also have dispute rights if there are unauthorized charges on their credit card, and many card issuers have “zero liability” policies under which the card holder pays nothing if someone steals the credit card number and uses it. Never wire money and only shop locally on sites like Craigslist.

8. Keep documentation of your order – After completing the online order process, there may be a final confirmation page or the shopper might receive confirmation by e-mail – BBB recommends saving a copy of the Web page and any e-mails for future reference and as a record of the purchase.

9. Check your credit card statements often – Don’t wait for paper statements; BBB recommends consumers check their credit card statements for suspicious activity by either calling credit card companies or by checking statements online regularly.

10. Know your rights – Federal law requires that orders made by mail, phone or online be shipped by the date promised or, if no delivery time was stated, within 30 days. If the goods aren’t shipped on time, the shopper can cancel and demand a refund. There is no general three-day cancellation right, but consumers do have the right to reject merchandise if it’s defective or was misrepresented. Otherwise, it’s the company’s policies that determine if the shopper can cancel the purchase and receive a refund or credit.

From our family at Penn and Associates to yours,  enjoy this Christmas holiday season. Expect bigger things from this blog in 2011 !

According to a Congressional committee, attacks on the Department of Defense computer systems jumped 60 percent in 2009.

Russia, China and North Korea have all launched sustained attacks on U.S. government agencies including the Federal Trade Commission and the Department of the Treasury.

Analysts believe that security standards like the ones created by the National Institute of Standards and Technology (NIST), should be implemented immediately. According to the experts, NIST could get us 90 percent closer to where we need to be.

In Congressional testimony earlier this year, former National Intelligence Director Mike McConnell said that we could be on the brink of an all-out cyberwar. McConnell’s view has been repudiated by the current Secretary of Defense Robert Gates.

If  Moore’s law is true,  (every 24 months a dollar buys twice the amount of computing power that it did before) our enemies may be able to buy, beg, borrow or hack twice as much of our data as  they can today for the same effort.

Computer scientist Daniel Geer Jr. aptly reveals what is at stake:

” We have spent centuries learning about securing the physical world, plus a few years learning about securing the digital world. What we know to be common to both is this: That which cannot be tolerated must be prevented.”

America’s most valued, electronically stored data is being targeted. Government agencies, private think tanks and university data warehouses are all vulnerable. The enemy operates from a distance with virtually no risk of personal danger.

What defense mechanisms can we construct to prevent our data from being stolen at the speed of light?

Despite the skepticism of some,  participation is required under Title 13 of the United States Code. The same law also requires that the Census Bureau tabulate your information without revealing any of your personal data.

The government imposes very stiff fines and possible prison terms for federal employees who violate the privacy guidelines.

Allow me to call another lurking personal privacy threat to your attention. Make sure that anyone you share information with is actually from the Census Bureau!

This reminder came to my attention  from a Vice President of  Security at Austin Bank in Longview,  Texas.  (used with permission)

There has been a lot of advertisement about the 2010 Census. It is important that all people participate in the census since it is only taken every ten years. However, there are people at work posing as census takers to do one simple thing; steal the identity of everyone they can, and either use or sell the information. It is important that you protect yourself and talk to your family and friends, about protecting themselves.

Additionally, the U.S. Census Bureau has issued this statement on their website:

Census workers may need to visit your household to update the Census Bureau’s address list, deliver a questionnaire or ask you to complete the questionnaire face-to-face.  All census workers carry official government badges marked with just their name.  You also may ask them for a picture ID from another source to confirm their identity.  In addition, some census workers might carry a ‘U. S. Census Workers’ bag.  If you still are not certain about their identity, please call the Regional Census Center toll-free number to confirm they are employed by the Census Bureau.

Census workers will never ask  for your:

• Social security number
• Citizenship or immigration status
• Salary or income
• Bank account information

The reality is that their questions require much less personal information than a typical credit card application. If you would rather not answer questions at your front door, you can mail in your data.

The government says that our participation will help us to “paint a portrait of America”.

Pick up your paintbrush and let your voice be heard.