Web site safety
Building safer Web sites
OK, your anti-virus is current and constantly updated and you run a firewall. You never open e-mails or attachments from an unknown source and you’d rather eat worms than reply to spam. You have an anonymous nickname, you don’t use any of your personal details in your profile online and you never send e-mails, texts or IMs that contain your telephone number or real name.
Well, hang on there just a minute. What about your Web site?
If you have a Web site or a Web page, it is very possible that without actually realizing it you are giving away information about yourself to complete strangers. How many Web pages have you seen that read like this?
“Hi, my name’s Jenny and I am 13 years old. I live in Wisconsin and I love cats!”
Seems innocent enough, doesn’t it? Well, let's take a closer look at Jenny's Web page.
What did we find out?
We know Jenny lives in Wisconsin and is 13 years old. But we also know that her mother is a cat breeder of a particularly rare type of cat. It would probably not be too difficult to find her number and address - but we don’t need to. Why? Because Jenny has given us a link to her mother’s Web page and on it is her mom’s telephone number and her mom’s address. So, without really having to look too hard, we have Jenny's full name, her age, her mom's name, her address, a map of where her house is, her telephone number and information about her interests. Armed with that sort of information, a scammer, fraudster or predator could easily target Jenny and/or her mother.
Obviously, this is a contrived scenario, but the message is clear: there are certain things you need to pay attention to when you are building a Web site or a Web page. One thing, as the saying goes, can lead to another, and this is true for Web pages. The path to your personal information could easily be a simple click away without you even realizing it.
For parents
Be careful what you let your kids upload to the Internet. It's great to encourage them to dive into the world of Web page and Web site building; maintaining your own little piece of Internet real estate is both educational and fun. But you wouldn't send your kid out to play wearing a T-shirt that said "Hi, my name is Joe, I am 5 years old, my telephone number is (987)-654-3210", would you? Web pages are no different - don't let your children put personally identifiable information online!
Read Parry's Internet Safety Guide for Parents for tips on how to keep your child safe online and Clues We Give Away about how easy it is to disclose personal information online.
Of course, when someone runs a business, club, community or society with an online “branch”, it is sometimes difficult not to include personal information. Their current and potential customers and/or members want to know whom they are dealing with. So what do you do to make sure you are "visible" but also safe?
The basic do's and don'ts for everyone
- Don't use your real name in your e-mail address. Do use an anonymous e-mail address if possible.
- Don't use "mailto" e-mail addresses in the HTML on your Web site. Do use a contact form on your Web site or disguise your "mailto" links with JavaScript.
- Don't use your home telephone number on your Web site. Do get a second number or cell phone that you only use for the business.
- Don't use your real address or include a map if you work from home. Do get a post office box. If someone needs to visit you they can call first to get directions.
- Don't give your kids or friends a "free rein" Web page at your business Web site. Do get them some free Web space of their own and/or monitor what they do closely.
- Don't ask for personal information unless you really need it and the process is secure. Do make sure you have a Privacy Policy and a secure server if you collect information.
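The "disguise your mailto links with JavaScript" item above, as an added example that is not part of the original page: the address is stored reversed and base64-encoded in data attributes and the link is only assembled in the browser. The address webmaster@example.org, the data-u / data-d attribute names and all function names are constructed for illustration.

```javascript
// Added example. Address, attribute names and function names are assumptions.
const reverse = (s) => Array.from(s).reverse().join("");

// Run once when authoring the page; the output is what goes into the HTML.
function encodePart(part) {
  return btoa(reverse(part));
}

function decodePart(encoded) {
  return reverse(atob(encoded));
}

// Rebuild the mailto: URL. Both parts are checked against a conservative
// pattern so a tampered attribute cannot smuggle "?cc=" or extra recipients.
function buildMailto(encUser, encDomain) {
  let user, domain;
  try {
    user = decodePart(encUser);
    domain = decodePart(encDomain);
  } catch (err) {
    return null; // attribute was not valid base64
  }
  const userOk = /^[A-Za-z0-9._+-]+$/.test(user);
  const domainOk = /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(domain);
  return userOk && domainOk ? `mailto:${user}@${domain}` : null;
}

// Page markup carries no readable address:
//   <a data-u="..." data-d="...">E-mail the webmaster</a>
function activateLinks(doc) {
  let activated = 0;
  for (const link of doc.querySelectorAll("a[data-u][data-d]")) {
    const href = buildMailto(link.dataset.u, link.dataset.d);
    if (href) {
      link.setAttribute("href", href);
      activated += 1;
    }
  }
  return activated;
}

// Only runs in a browser; under Node the functions are simply defined.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => activateLinks(document));
}
```

This only stops harvesters that read the raw HTML; one that executes scripts still sees the address, which is why the contact form comes first in the item above.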
For all webmasters
Whether you are a professional Webmaster or not, you have a responsibility to ensure that your Web site or Web page is as safe as possible both for yourself and for those who access it. That means that you have a Privacy Policy, SSL (secure server) if you are dealing with personal information or payments and, if you run a message board or chat room, it is (ideally) moderated. Do you run a mailing list or newsletter? Make sure that if you maintain it manually you always use the Bcc option in your e-mail client or, better still, use e-mail list management software like LISTSERV®.
Never believe there is no such thing as bad advertising. If you spam newsgroups with off-topic advertisements for your Web site, you are asking for trouble: anything from flaming to retaliatory spamming.
Always back up your data, preferably onto CD or removable memory, and never disclose your passwords for anything to anyone. If you have to give someone access to your server, set them up with a temporary, restricted login and remove the privilege when they are finished. Passwords should be difficult to guess and preferably alphanumeric and case sensitive, like "6hY7e5", for example.
If you are using Server Side Includes and/or CGI-BIN solutions, check them for potential security flaws and stay updated on relevant upgrades, patches and fixes.
Regularly check your logs. It is unwise to be complacent regarding hacking, for example. Just because you are a small business with a 5 page Web site or a fan site for banana milkshake does not necessarily mean you are not a target for trouble. In the same breath, "advertising" your Web site's security solutions and bragging about how secure your Web site is can be a red flag - there's a fine line between arrogance and confidence and someone will always try to cross it.
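One way to make the log check above routine, as an added example that is not part of the original page: a short Node.js script that reads access-log lines in Common Log Format and lists clients that pile up 4xx responses, counting failed logins and misses under /cgi-bin/ separately. The log lines, the threshold of 3 and the function names are constructed assumptions.

```javascript
// Added example. Log lines are constructed; IPs are documentation addresses.
const SAMPLE_LOG = [
  '198.51.100.4 - - [02/Jan/2024:09:14:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
  '203.0.113.7 - - [02/Jan/2024:09:14:05 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209',
  '203.0.113.7 - - [02/Jan/2024:09:14:06 +0000] "GET /cgi-bin/example.cgi HTTP/1.1" 404 209',
  '203.0.113.7 - - [02/Jan/2024:09:14:08 +0000] "GET /admin/ HTTP/1.1" 401 381',
  '203.0.113.7 - - [02/Jan/2024:09:14:09 +0000] "POST /admin/ HTTP/1.1" 401 381',
  '198.51.100.4 - - [02/Jan/2024:09:15:40 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
  '192.0.2.9 - - [02/Jan/2024:09:16:02 +0000] "GET /about.html HTTP/1.1" 200 2048',
  'this line is not in common log format',
];

// host ident user [time] "METHOD path protocol" status bytes
const CLF = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+/;

function parseLine(line) {
  const m = CLF.exec(line);
  return m ? { ip: m[1], method: m[2], path: m[3], status: Number(m[4]) } : null;
}

// Summarise 4xx responses per client and flag those at or above the threshold.
function reviewLog(lines, threshold = 3) {
  const perClient = new Map();
  let unparsed = 0;
  for (const line of lines) {
    const hit = parseLine(line);
    if (!hit) { unparsed += 1; continue; } // count it, do not silently drop it
    if (hit.status < 400 || hit.status > 499) continue;
    const c = perClient.get(hit.ip) ||
      { ip: hit.ip, clientErrors: 0, authFailures: 0, cgiMisses: 0 };
    c.clientErrors += 1;
    if (hit.status === 401 || hit.status === 403) c.authFailures += 1;
    if (hit.path.startsWith("/cgi-bin/")) c.cgiMisses += 1;
    perClient.set(hit.ip, c);
  }
  const flagged = [...perClient.values()]
    .filter((c) => c.clientErrors >= threshold)
    .sort((a, b) => b.clientErrors - a.clientErrors);
  return { flagged, unparsed };
}

console.log(reviewLog(SAMPLE_LOG));
```

A single 404 for a missing favicon stays below the threshold, while one client failing logins and requesting CGI scripts that do not exist stands out; lines that cannot be parsed are counted rather than ignored so that a format change is noticed.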
Make a note of this Web site: CERT® Coordination Center (CERT/CC), the center of Internet security expertise. You can read about and stay updated on the subject of Internet Security there in much greater depth than is covered here.