Some ARM-LP tips to be safe online…
PROTECT YOUR IDENTITY
CJCS earnestly suggests you follow this 3 Step Program …
Click the image to make it larger.
SECURE YOUR INFORMATION
- Use someone’s middle name — not your own
- Write it with a single Capital letter and at least one number or special character
- Add phrases, whether silly or not
- Use spaces in the password.
DEFEND YOUR PRIVACY
Email scams are a very serious problem. Malware is used to find email addresses stored within the iNfected computer, and then to use those addresses in two nefarious ways:
1. to create credible forged From fields in the emails that they send, so that these emails are more likely to be opened, and
2. as intended targets for an email scam
Sara sends Judith an infected email. Judith opens it, the malware infects her computer, and freely searches her address book. It finds 942 addresses, among them those of Rabbi Monica and Cantor Joel. Judith’s computer sends an infected email to Rabbi Monica. The email appears to be sent by Cantor Joel, however, and even though his email server detects the malware it is unaware that it was sent via Judith’s computer – and so is Judith.
GUARD YOUR FORMS
Websites use forms to collect information. Your website, for example, may have a contact form to collect a user’s email address, after which it will send an email to someone in your community. Most contact forms simply have a place to input text. Some may use buttons or checkboxes to collect additional input.
Email contact forms are common, convenient, and do add some level of security. They can, however, be much more secure – and they should be.
A completely secure system is impractical, and so it is probably impossible. Are you going to install biometric validations, such as retinal scans or fingerprints? Likely not – and even if you did, a relatively simple form might take 10 minutes to fill out. It’s impractical, and so it is probably impossible.
You need to balance usability and risk, but it’s reasonably simple to spoof a form — and reasonably easy to target harden the form.
Security By Design
Your obligation to your users is to make form spoofing extremely difficult. It’s vital that your contact form be designed to produce maximum security with minimal inconvenience.
- Some contact forms permit users to email multiple contacts. Avoid this.
Your user can only send a single email on the form. Permitting multiple contacts from the same form simply sends one email to many people. Where is the convenience in this?
- Your content management system has form design options. Use these with caution.
Form design plugins are amazing technologies. Coding for security, however, is not necessarily a top-of-mind consideration. Speak to your IT expert to assess whether additional PHP scripting should be added to make the form more secure.
Security By Obscurity
In other contexts, this should be avoided. In this discussion, however, security by obscurity simply means that your forms use a practical, unobtrusive security system to let the user simply fill out the form and move on.
Complexity can invite security breaches: inconvenience is something users will try to find a way to overcome, even if it makes them safer.