Data protection at home know how!

Content Little data protection glossary

26|27 2|2

Data protection at home know how!

5 Introduction 6 PC security and basic protection 8 Creating a secure password 13 WLAN security 16 Secure online banking and protection against phishing attacks 20 Behavior in the social network 24 Security for children on the Internet 26 Little data protection glossary

Legal information The content of this document is protected by copyright. No part of it may be reproduced, made available to the general public or used in any other way without the prior written consent of Deutsche Telekom AG. This applies in particular to reproduction on all types of data media, e.g. CD-ROM or DVD-ROM, as well as to rendition in electronic databases or online services. This guide has been compiled with great care and attention. Nonetheless, Deutsche Telekom AG accepts no responsibility for the correctness, completeness or topicality of the information it contains. This applies likewise to the content of websites that are linked through this document. On no account does Deutsche Telekom AG accept liability for direct or indirect damage such as loss of data occurring in connection with the pursuit of actions recommended in this document.

Introduction

4|5

Cybercrime in Germany is increasing every second person is affected

38% 16.437 9.691 4.463 2.683 3% 9.279 9% 5%

Introduction.
With this guide we want to draw attention to the fact that data protection is more than just installing a functional anti-virus program on a computer. We are living in the age of digitalization we are performing our private banking transactions online, making purchases over the Internet and increasingly maintaining our social contacts on the web. User behavior has also changed the face of crime. Spying on access data or hacking private WLAN connections are the modern equivalents of stealing purses and breaking and entering. Everyone knows how to secure their house and purses in just a few steps. We need to develop the same routine when using the Internet. By observing the following tips you can protect yourself against Internet crime and prevent misuse. Should you have any questions on the topic of data protection in general or at Telekom, you can send an e-mail to [email protected]. Yours sincerely, Claus-Dieter Ulmer

2004

2005

2006

2007

2008

Financial damage due to malware/ data theft

Password mining

Fraud by business partners

Infection of PCs by malware

2004 - 2008 Experiences of German internet users 2009 Source: BITKOM/Forse (2009), Basis: internet users from the age of 14 and up

BITKOM estimated a loss of 11 Million Euro for the users of Online Banking in Germany. This is one of many facts when talking about cyber crime.

Group Privacy Officer Deutsche Telekom

PC security and basic protection.

Observe the following tips so that your private data also remain private and secure on a PC.

PC security and basic protection

6|7

Always be aware of how sensitive the data is.

With confidential information you should not use a public PC, because you do not know whether it is adequately protected against viruses, worms, Trojans and external attacks.

Ensure you have high security settings.

To protect your data, install an anti-virus program and an anti-spyware program. It is also important to set up your personal firewall. Using this configuration you can protect yourself from attacks from the Internet. Also use the virus scanner supplied by your e-mail provider to get the highest possible security standard.

and keyboard lock is activated with the screen saver five minutes after the last user entry. On a private PC, the activation time is of course freely selectable. The lock can also be activated immediately if required. In a Windows operating system this is done by pressing the keys Ctrl + Alt + Delete and then selecting the option Lock computer.

Configure your wireless accesses on the devices you use. This too will make it difficult for third parties to gain access (see WLAN security).

Data backup.
To be on the safe side, you should regularly make a back-up copy of important data in particular, for example on CD-ROM/DVD or on an external hard drive.

Make sure nobody can overlook your PC.

Pay attention to who can see your screen if you are entering sensitive data such as user names and passwords.

Deactivate wireless interfaces.

To protect your private PC from external attacks, deactivate any wireless interfaces you do not currently need - after all, when you leave the room you also switch off the light. So why not switch off the WLAN transmitter on the router when you are not online? Most models now have an on/off switch on the back. The same also applies foryour cell phone, for example with the Bluetooth interface, in order to protect it from viruses, worms and Trojans on the one hand, and on the other hand to ensure that unauthorized persons cannot access your personal data such as the address book, calendar or your images.

Check downloads and e-mail attachments.

It is common to spread viruses via file attachments. For this reason only open trustworthy attachments from people you actually know. The same applies for software downloads: If the provider or site does not seem trustworthy to you, you should not download anything.

Always keep your system up-to-date.

Software providers are continually enhancing their products and thus closing any security gaps which emerge. Therefore always keep your software and anti-virus software in particular up-to-date to protect yourself from attacks.

Secure your PC with a password.

To protect your PC, and therefore your data, from being accessed by third parties you should always lock it using a password. Make sure that the password is a very secure one. After entering the correct password the screen is activated again and you can continue working. It is recommended that the screen

Creating a secure password

8|9

Creating a secure password.

You won't get very far on the Internet without a password. And the better the password is, the more secure the data concealed behind it is protected.

Creating a secure password

10|11

Please think carefully what consequences it has when your password ends up with the wrong people decide afterwards how safe you want to create your password.
Online banking, reading e-mails or writing a contribution in an anglers forum anyone using Web 2.0 will sooner or later always reach a point at which they are asked for a login name and password. The login name generally does not cause any problems. However, by having about the fifth password its difficult to stay on top of things. Even more so, because a secure password is unfortunately the opposite of a memorable one. So, how do I create a secure password that I can remember? Here you can learn how to exasperate hackers and protect your data. sentence we replace the l with a 2 and add a ! at the end. Our secure password then becomes W2lepws! This password comprises 8 characters. This is the lower limit recommended by experts for a secure password. As a rule, the longer and more complex the password the better. The reason for this is that hackers use programs to systematically try out all the possible password combinations. With each additional character, the number of possible passwords and thus the necessary runs that this type of computer program would need to crack your password therefore also increases.

Keep your passwords safe.

You should also only keep your passwords in secure locations to which only you have access. The best place for this is of course your head. The worst place is your browser. You should therefore ignore the auto-complete function for important passwords in particular and never save them on the hard disk or note them down on a piece of paper near the PC.

Therefore think twice before you choose a password: Is it protecting personal or business-related information (e.g., e-mails, contacts, etc.)? Can financial transactions be performed if access is gained (such as access to online banking or online auction houses)? Have you saved important data like your credit card number or bank details on the corresponding access? If the answer to these questions is yes then you should definitely choose a password which is secure as possible. If not, it may be that a less secure password is adequate. Even in this case you should of course make sure that you do not make things too easy for any hackers.

Change your passwords regularly.

You should change your passwords at regular intervals to increase protection against data theft. We recommend that you do this at least every three months.

How do I create a secure password?

The golden rule for creating a secure password is this: It should not be recognizable to anybody else as a meaningful word. There is a simple trick to creating a password like this: Think of a sentence which is easy for you to remember. From this sentence, use only the initial letters of each word and replace the individual letters with numbers and special characters. An example of a sentence would be: We both like eating pizza with salami. The initial letters give the combination Wblepws. Now the numbers and special characters come into play. Here you can let your imagination go wild. In our sample

Create a password for each access.

An additional important precautionary measure is to use different passwords for different accesses wherever possible. This is because every now and again data thieves manage to spy on entire customer files, including all the access data. A password which falls into the hands of thieves in this way is no longer secure. The hackers will also try this password if they want to gain access fraudulently. A secure password is therefore always one which you only use for one access. This should always apply to your access to online banking.

When do I need a secure password?

The problem with secure passwords is this: They are extremely difficult to remember. Whether its your wifes name or grandmas birthday any memory aid makes a password insecure. However, it may be that you do not always need a password which is 100% secure. For the anglers forum mentioned above for example, you do not necessarily need to be as careful as for online banking.

WLAN security

12|13

WLAN security.
More and more people are using wireless networks (Wireless Local Area Networks or WLAN) at home or on public PCs to access the Internet.
They are practical because they mean that you can access the Internet from anywhere. However, they also pose security risks. In general it can be said that any wireless connection offers less security than a network connection via a cable. With the wireless connection, the data is transmitted to the recipient by radio and can be intercepted. The personal effort in creating a secure personal environment is not only important for protecting yourself against attacks, but avoiding negligence minimizes liability. A private WLAN should be protected by the usage of passwords. If a third party gains unauthorized access to the non-secured WLAN and performs illegal activities, depending on the country legislation, you as the owner of the WLAN, may be forced by an injured party to cease and desist and to reimburse any associated costs of legal proceedings. It is therefore important that you encrypt your data so that your private e-mails, user names and passwords do not fall into the wrong hands. You can find important information on how to configure the security parameters of the router in its user manual.

WLAN security

14|15

You can protect your home against data theft by following these points:
Secure your WLAN router.
This is the most important precautionary measure since the WLAN router establishes the connection between your computer and your Internet access. Before you start operating your WLAN you should change a few basic settings: First you need to manually change the SSID, which refers to the network name, and give it a personal name. Here it is best to select an imaginary name which does not allow it to be traced back to you personally or your Internet provider. To increase security you should prevent the SSID from being displayed so that the name of your router cannot be found on the network. Since you know the name of your router you will of course be able to find it.

Especially when using publicly accessible Hot Spots you should consider the following recommendations to protect your data in the best way.
Security Information of the Federal Office for Information Security
The Federal Office for Information Security recommends having no wireless installation of all settings on your WLAN router but via cable.

Set up a filter against data theft.

To increase the security of your data you can set up a MAC address filter. The MAC address is a number with which every network card and thus every Internet-enabled computer can be identified. If you only allow the MAC addresses you need, thirdparty computers have no chance. How do I find the MAC address? Example in Windows: Go to the start menu and select Control panel. Then click on the System icon and, under Hardware, select Device Manager. Here you will find the item Network Adapters. Normally you will find two entries here one usually has Wireless added on to the name. Double-clicking on this entry brings up various menus: The MAC address can be found here under Extended.

Do not establish automatic connection.

Do not establish any connection with the HotSpot if you do not know who is responsible for operating the access. You should also not allow any automatic connection with wireless networks and always manually select which network you wish to connect to.

Deactivate your network approval.

If you use HotSpots the file and directory approval on your laptop or mobile device should be deactivated. As a rule you can deactivate this approval in the network settings of your operating system. You should never be logged in with a user account which has administrator rights.

Look out for fake HotSpots.

In order to access confidential data, criminals set up their own wireless networks which are very similar to the home page of the real HotSpot, for example, of TMobile. When connecting to the fake HotSpot you are asked to enter information such as your credit card number, supposedly to open a new HotSpot account. This manipulation technology is based on the phishing and pharming technology which is explained under Secure online banking and protection against phishing attacks.

Set up encryption.
An additional protection measure is to encrypt your WLAN. In most WLAN systems this is done via WPA2-PSK PSK (PreShared Key), i.e., the previously agreed key. Here a key (password) is needed to access the network when a connection is established. It is important that you select a secure password here. You will find more information about creating passwords under Creating a secure password.

Activate your firewall.

Before you dial into an external WLAN, activate your firewall. The firewall monitors the data traffic from and to your computer and thus helps to prevent attacks by harmful software.

Deactivate your WLAN.

You should deactivate your WLAN when you are not using it. By doing this you are not only protecting yourself from data thieves but also saving electricity.

Secure online banking and protection against phishing attacks

16|17

Secure online banking and protection against phishing attacks.

More and more people are using online banking. This banking facility can be accessed any time of the day or night and is easy to use from home.

Secure online banking and protection against phishing attacks

18|19

As convenient as online banking from home may be, it poses risks due to the processing of sensitive data. Data such as P IN and T AN numbers, which enable access to an account, repeatly fall into the hands of fraudsters due to carelessness. This very often happens due to phishing attacks, which have high potential for risks and damage. Phishing is a combination of the terms password and fishing and refers to attempting to acquire passwords as IN and T AN numbers. Through well as P fake e-mails and websites asking the customer to give his or her account details along with passwords, criminals can access sensitive data. In most cases a link takes the user to the fake website of banks and other companies which look very similar to the original. Pay attention to the following points so that you can protect yourself against these attacks:

to your bank it is best to check once again directly and make sure. Your bank will never ask you to provide con IN and T AN fidential data such as a P within an e-mail. Neither will your bank ever ask you for sensitive data over the phone. If you are unsure, call the number of your bank you are familiar with directly and confirm. Phishing e-mails are in many cases written in poor language. For languages with special characters in many cases it becomes obvious. For example, in German, umlauts such as , , are missing. This is because these messages are translated from other languages quickly and simply by computer programs. But often, even emails written in English, disclose spelling or grammar mistakes. The most secure thing to do is to never go to a website via an e-mail link. Always call up the site directly from your browser. Make sure the address of the site is written correctly.

If it is a secure connection, the abbreviation https:// is displayed in the browsers address bar. This encryption procedure prevents data from being read or manipulated during the time you are working on it. In rare cases this can also be faked. To be on the safe side, always enter the address of your bank yourself in the address bar of your browser and do not follow a link. On the login page your bank will never ask AN codes. If this is the case, please for T contact your bank immediately.

Banking transactions should only be performed from your own private PC or a mobile device in private. Make sure that you log out at the end of the session and empty the c ache on your PC. It is also important that you always use current anti-virus software and perform security updates to close any security gaps. Check your account transactions regularly. Contact your bank immediately if you see anything suspicious or if any discrepancies arise. If you notice anything suspicious or unusual, block your access to online banking. You can do this by instructing your bank over the phone or directly via the relevant function in the online banking window. If something seems to be unusual or suspicious, block your access to your online bank account. You can either do this via a phone call to your bank or directly online via the respective window on your online banking website.

General precautionary measures for online banking.

Always keep your personal data such as passwords, P IN and T AN in a secure location and never save these on your PC, including under a password manager. If this data is saved on the PC it could be read out. Select a secure password and keep it safe. See the tips on creating a secure password. For online banking you should always use a special password which you do not use for any other purpose. The password should be changed regularly to increase security.

Look out for phishing e-mails.

In most cases the forged e-mail is addressed to a general, nonpersonalized subject, for example Dear customer of XY bank. Phishing e-mails demand immediately and necessary action which may also use threats (If you do not update your data immediately it will be lost). Always look at the full senders address of the e-mail. If the address does not clearly relate

Watch out for phishing websites.

Always look for the security certificate which is shown by the lock icon at the bottom right-hand corner of your browser. If this is not displayed then the site is not secure.

Behavior in the social network.

With Web 2.0 social networks have found their way into our day-to-day lives.

Behavior in the social network

20|21

Behavior in the social network

22|23

These days everyone can send and receive you to use your real name. But if you do want information around the world and thus memto use your own name, use only the initial of bers of social networks such as Xing, Facebook, your surname. MySpace, etc. naturally disclose private data. Contrary to what is often incorrectly assumed, You can restrict access to your own profile the Internet is not a legal vacuum. However, not using the settings. It is most secure to only everyone complies with the applicable data allow friends to have access. protection provisions, to the provision on the right to ones own image or to copyright laws. Profile pictures. This poses privacy risks which many users are Even if it seems normal amongst young not aware of. For this reason it is important network users to show a picture on the Interto comply with certain practices in social net, using photos and images which are too networks. revealing violates privacy protection reguFirst of all, read the General Terms and lations. For this reason you should carefully Conditions and data protection notices of consider which photos you display on the the platform operators thoroughly. These Internet. Photos in beachwear or underwear generally tell you how the operators deal are generally taboo. Most people would not with your personal data. publicize their private life to people they dont know in their day-to-day lives, would they? Always think about what you really want to Creating your own profile. reveal about yourself online. First and foremost, where possible do not disclose any personal data such as e-mail Photo albums. addresses, telephone numbers, Messenger The function of uploading photos to online data, photos etc. This is because anyone photo albums is popular and frequently who gives away a large amount of informaused. To not take any risks here either, you tion about themselves is making it easy for should make sure that only immediate other people to send them phishing messafriends have access to these albums. ges or unwanted advertising, for example. In chats and discussion forums, instead of your own name you can also pick a nick name, even if the operator of this site asks As a rule you should only upload photos to which you also have rights.

Photos which you have uploaded to the ache Internet often remain saved in the c for a long time, even if you have deleted the images or the entire photo album.

Since every friend can see the data released for friends, you should always give careful consideration to who you accept as a friend.

Privacy.
You should know about and use where necessary all the settings provided by a social network for protecting your privacy. If you want to protect your privacy on various social networks you can consult the website www.klicksafe.de.

Making arrangements on the Internet.

Social networks are often used to arrange to meet friends or discuss other rendezvous. Private information such as arrangements to meet or Im home alone tonight should however under no circumstances be posted on message boards. This type of information should only be exchanged privately, via e-mail or Messenger or over ICQ, Skype, etc.

Adding friends.
We often receive a friend request from somebody we do not know. Before you accept the invitation or send it to anybody else you should check thoroughly who this person is. Personal data should only be made acces sible to genuine friends. Since you would not want to be shown in disadvantageous images or read private comments about yourself on the message boards of these sites, you should also respect the privacy of friends and relatives and only place images of them on the Internet after consultation.

Report and ignore function.

People, content or groups which breach the Code of Conduct of networks should always be reported. You can either use the report button on your profile page to do this or you can contact your local police station. Users who harass you can be blocked from accessing your page using the ignore function. Then they are no longer able to send you any messages. You should also report these people to your provider.

Security for children on the Internet

24|25

There are however ways to rule out any concerns. Make your child aware of how to use the Internet correctly:
Discover the Internet together so that your child learns how to use it correctly from the start. You should also regularly ask him or her about his or her recent experiences on the Internet and/or take a look at the screen if your child is sitting at the PC. Look for trustworthy web sites regarding child protection and find out together with your child which sites children can surf without having to worry about being confronted with unsuitable content. The Deutsche Telekom, for example, is promoting in Germany child-friendly offers on the Internet and creating a secure area to surf the Internet with the search engine www.fragfinn.de.

lives or meeting places. Even when creating an e-mail address or a name for chat rooms your child should only use nicknames. Discuss the risks of meeting people. Your child should only meet people they have got to know via the Internet after consulting you. Children cannot tell whether this person has good intentions. Discuss the extent to which content is truthful with your children. Encourage your child to have good netiquette, i.e., to behave appropriately. This is particularly important if you child contacts friends on the Internet. Use filter programs so that your child only has restricted access to the Internet and only visits sites appropriate for their age. You can find further comprehensive information on internet security on the website www.klicksafe.de. Under the mandate of the European Comssion this website wants to bring forward the media competency related to the usage of the internet.

Security for children on the Internet.

Nowadays exposure to the Internet during childhood is almost selfevident. It is hardly surprising that parents worry about the safety of their children when they use the Internet.

Agree on rules for Internet usage and find out about protective devices associated with this. There are special filters which can be installed on the computer and which automatically block pornographic sites as well as those which glorify violence or are associated to political extremists. Your child should never pass on personal data no details about age, where he or she

Little data protection glossary.

Little data protection glossary

26|27

Remind that your data is highly sensitive, Always protect your data,

and use the strongest security settings to protect your PC.

e-mail accounts and Internet accesses with a password where possible. It is important to select a combination of letters and digits that no-one except you can know.

Do not use unprotected WLANs

if you do not know their operator and always protect your home access with a password.

Never keep your access data

(user names and passwords) in an easily accessible place and do not store them on your PC.

Reveal as little as possible about yourself on the Internet. Think twice before disclosing data such as e-mail addresses and phone numbers or uploading photos. Check what sites your children visit on
the Internet and educate them about the possible dangers.

Report prohibited cold calls to the

Federal Network Agency.

intervals.
Legal information The content of this document is protected by copyright. No part of it may be reproduced, made available to the general public or used in any other way without the prior written consent of Deutsche Telekom AG. This applies in particular to reproduction on all types of data media, e.g. CD-ROM or DVD-ROM, as well as to rendition in electronic databases or online services. This guide has been compiled with great care and attention. Nonetheless, Deutsche Telekom AG accepts no responsibility for the correctness, completeness or topicality of the information it contains. This applies likewise to the content of websites that are linked through this document. On no account does Deutsche Telekom AG accept liability for direct or indirect damage such as loss of data occurring in connection with the pursuit of actions recommended in this document.

Be sure to back up your data at regular Always keep your virus protection
software up to date.

Make sure that you never allow people to gain

access to your data at a publicly accessible PC.

Published by Deutsche Telekom AG Corporate Communications/Group Privacy Friedrich-Ebert-Allee 140 53113 Bonn www.telekom.com/datenschutz Contact [email protected]

The 10 most important rules ...

K-Nr. 642 100 153 | Stand 05/2011