Security Tip (ST05-013)

Guidelines for Publishing Information Online

The internet is a public resource. Avoid putting anything online that you do not want the public to see or that you may want to retract.

Why is it important to remember that the internet is public?

The internet is an accessible, popular resource for communicating with others and conducting research. You may have a sense of anonymity while online but should remember that you are not anonymous, and it is just as easy for people to find information about you as it is for you to find information about them.

Many people have become so familiar and comfortable with the internet that they adopt practices that make them vulnerable. For example, although people are typically wary of sharing personal information with strangers they meet on the street, they may not hesitate to post that same information online. Once it is online, it can be accessed by a world of strangers, and you have no idea what they might do with that information.

What guidelines can you follow when publishing information on the internet?

  • View the internet as a novel, not a diary. Make sure you are comfortable with anyone seeing the information you put on blogs, social networking sites, and personal websites—write it with the expectation that it is available for public consumption and that people you have never met will find your page. Although some sites use passwords or other security restrictions to protect the information, these methods are not used for most websites. If you want the information to be private or restricted to a small, select group of people, the internet is not the best forum.
  • Limit the amount of personal information you post. Do not post information that could make you vulnerable, such as your address, phone number, email, or information about your schedule or routine. Supplying your email address may increase the amount of spam you receive (see Reducing Spam for more information). Providing details about your hobbies, your job, your family and friends, or your past may give attackers enough information to perform a successful social engineering attack (see Avoiding Social Engineering and Phishing Attacks and Staying Safe on Social Networking Sites for more information).
  • Realize that you cannot take it back. Once you publish something online, it is available to other people and to search engines. You can change or remove information after something has been published, but it is possible that someone has already seen the original version. Even if you try to remove the page(s) from the internet, someone may have saved a copy of the page or used excerpts in another source. Some search engines "cache" copies of web pages; these cached copies may be available after a web page has been deleted or altered. Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer. Think about these implications before publishing information—once something is out there, you cannot guarantee that you can completely remove it.

As a general practice, let common sense guide your decisions about what to post online. Before you publish something on the internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about you, the easier it is to pretend to be you.

Authors

CISA and Matt Lytle and Jason Rafail

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No