The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.However, there is a huge difference between what is loosely defined as identity theft and cyber security. Cyber security is one aspect of preventing identity theft but is only a relatively small part of the overall problem. A 2013 post in the Equifax blog entitled "Top Causes of Identity Theft? Not the Internet - Yet" states as follows:
A new study examining the claims made in 2011 byTravelers’ customers insured against identity fraud shows that stolen or misplaced items are still a major cause of these crimes. Of the roughly two-thirds able to pinpoint the source of their identity theft, stolen wallets and pocketbooks topped the list.Next on the list of causes is a stolen or compromised driver’s license, Social Security card, or other form of personal identification. Third on the list is burglaries, followed by Internet scams and so-called cyber-breaches. But the Department of Justice statistics show that 64.1% of the types of identity theft involve the misuse or attempted misuse of an existing credit card. It should also be noted that from 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%. This same Department of Justice statistics in 2012, found the following:
- About 7% of persons age 16 or older were victims of identity theft in 2012.
- The majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information.
- Victims who had personal information used to open a new account or for other fraudulent purposes were more likely than victims of existing account fraud to experience financial, credit, and relationship problems and severe emotional distress.
- About 14% of identity theft victims experienced out-of-pocket losses of $1 or more. Of these victims, about half suffered losses of less than $100.
- Over half of identity theft victims who were able to resolve any associated problems did so in a day or less; among victims who had personal information used for fraudulent purposes, 29% spent a month or more resolving problems.
Where does cyber security enter into this picture? What does any of this have to do with genealogy? Cyber security can include anything from complex multi-national computer security issues involving governments around the world to using individually secure pass words. But none of this has anything to do with putting a family tree online unless you are so ill-advised as to include personal information such as social security numbers.
Most genealogists are already aware of the issues involved in sharing information about living people online. Banks and other financial institutions still use genealogically related data such as a mother's maiden name as security questions. But these types of ridiculous practices have nothing whatsoever to do with genealogy.
The only way to totally avoid cyber security risks is to stay off of the Internet entirely and do not own a computer. Likewise, if you wanted to avoid being involved in a traffic accident, you could refuse to drive a car. But that would not keep someone from driving their car through the front of your house and not having a computer would not do anything at all to prevent security breaches in large online database companies. Meanwhile, worrying about cyber security loss is like worrying about bank robberies. They will happen but there is not a whole lot individual genealogists can do about them.
If you want to minimize your risk, practice good computer security measures. Here is a suggested list from Indiana University, University Information Technology Services:
- Use security software
- Practice the principle of least privilege (PoLP)
- Maintain current software and updates
- Frequently back up important documents and files
- Never share passwords or passphrases
- Do not click random links
- Beware of email and attachments from unknown people
- Do not download unfamiliar software off the Internet
- Do not propagate virus hoaxes or chain mail
- Log out of or lock your computer
- Shut down lab/test computers
- Remove unnecessary programs or services
- Restrict remote access
- Treat sensitive data very carefully
- Remove data securely
- Deploy encryption whenever it is available