Consumers are always looking for a bargain, and the best time of the year for bargains is just upon us. However, it is also the time when cybercriminals are looking for the best opportunity to abuse our trust and offer deals that are simply too good to be true. Hidden behind those fake deals, they are stealing your identity and your data and emptying your wallet.
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, has developed a list of cybersecurity best practices to keep consumers (and their data) safe during the holiday shopping rush this year:
Beware of the Secondhand Market
Many shoppers this year might be persuaded to save some money by opting to purchase secondhand technical goods. You should always take the same precautions as when shopping for new goods online, but you must go one step further to stay safe. If you are selling your older technical equipment or buying it secondhand, such as phones, smart devices, laptops, computers, games consoles and even cars, which today are simply computers with wheels, then you should ensure you have taken steps to make it safe to give away or use secondhand:
Unsync your old devices from your accounts
Log out of your accounts
Delete any data or apps from the devices
Erase and format any hard disks (ensure you have copied or backed up any important data you do not want to lose)
Restore to factory settings before using or giving away
It is all too common to find sensitive data on secondhand devices, because users saved passwords in their browsers or synced their smartphone with their car, leaving all of their apps logged in along with contact data and sensitive messages that might contain usernames and passwords. To ensure sensitive data is not lost and malicious apps are not hiding on a device, reset it before use.
Replace your password with a passphrase, or even better, use a password manager
One of the most effective and simple security controls that an individual can implement this holiday season is the creation and use of strong passphrases. Most online retailers do not notify customers when their password is weak or needs to be changed. As a general rule, the same password should NEVER be used twice. Using a passphrase, a sequence of random words with a few symbols, is an effective approach. The smart choice is to use a password manager to help create passwords that are unique, long, and complex, to protect your digital life and move passwords into the background. Let a password manager do the hard work for you so you can enjoy safer internet shopping.
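To make the "random words plus a few symbols" advice concrete, here is an added example (not code from the article or from Delinea) that builds a passphrase from a wordlist using a cryptographically secure random source and estimates its strength in bits, which is what decides how long a guessing attack takes. The wordlist below is a constructed 32-word stand-in; real diceware-style lists contain thousands of words, and the entropy calculation assumes the attacker knows the wordlist and the scheme, which is the conservative assumption.

```python
"""Generate a random-word passphrase and estimate its strength in bits."""
import math
import secrets

# Constructed mini wordlist for demonstration only (32 words). A real
# diceware-style list has thousands of words; that size is where most of
# the strength comes from, so do not use this list for real passphrases.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "meadow", "nickel", "orchard", "pepper",
    "quiver", "river", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yogurt", "zipper", "bridge", "copper", "desert", "engine", "forest", "glacier",
]
SYMBOLS = "!@#$%^&*+=?"   # deliberately excludes '-' so the separator stays unambiguous
SEPARATOR = "-"


def generate_passphrase(words=5, symbols=2, wordlist=WORDLIST):
    """Pick `words` random words and splice in `symbols` random symbols."""
    # secrets, not random: the random module is predictable and unsuitable for secrets.
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    phrase = SEPARATOR.join(chosen)
    for _ in range(symbols):
        pos = secrets.randbelow(len(phrase) + 1)
        phrase = phrase[:pos] + secrets.choice(SYMBOLS) + phrase[pos:]
    return phrase


def passphrase_bits(words, wordlist_size, symbols=0):
    """Entropy assuming the attacker knows the wordlist and the scheme.

    Each word contributes log2(wordlist_size) bits and each symbol
    log2(len(SYMBOLS)) bits; the uncertainty of the symbol's position is
    ignored so the estimate stays conservative.
    """
    return words * math.log2(wordlist_size) + symbols * math.log2(len(SYMBOLS))


def random_password_bits(length, alphabet_size):
    """Entropy of a uniformly random character password, for comparison."""
    return length * math.log2(alphabet_size)


def count_symbols(phrase):
    """Number of characters in `phrase` drawn from SYMBOLS."""
    return sum(c in SYMBOLS for c in phrase)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    print(f"5 words from a 7776-word list:       {passphrase_bits(5, 7776):.1f} bits")
    print(f"8 random chars from a 72-char set:   {random_password_bits(8, 72):.1f} bits")
    print(f"5 words from this 32-word demo list: {passphrase_bits(5, 32):.1f} bits")
```

Five words from a 7776-word list already beat an eight-character random password, and unlike the latter a passphrase is something a person can actually remember; the comparison with the 32-word demo list shows why the size of the wordlist matters far more than the number of symbols sprinkled in.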
Before “clicking”, stop and think “PHISH”
The following “PHISH” acronym offers a fun way to remember simple best practices to deter even the most sophisticated cybercriminals:
PAUSE: We’re all in a hurry but take a moment to examine every email before clicking on anything.
HOVER: Hold your cursor over any link to make sure the destination matches and looks legitimate before clicking on it.
INSPECT: Check the email and see if anything looks off, such as obvious spelling/grammar errors, fuzzy graphics, etc.
SOURCE: Rather than clicking on a suspicious link that requests sensitive information, go directly to the website and confirm whether the requesting organization is really asking for it.
HELP: If you aren’t sure if an email is legitimate or not, ask for help or call the person/organization directly to confirm it’s not a phishing request. Never be afraid to ask for help.
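The HOVER and INSPECT steps above are the kind of check that can also be automated at the mail gateway or in a mail client. As an added example (not code from the article or from Delinea), the script below extracts every link from an HTML e-mail body and flags three things a careful reader would notice when hovering: the visible link text names a different domain than the real destination, the destination is an IP address rather than a named host, and the destination is plain http rather than https. The e-mail body, the domains and the IP address are constructed sample data (reserved example domains and a documentation address range); the "last two labels" rule for the owning domain is a deliberate simplification noted in the code.

```python
"""Flag e-mail links whose real destination does not match what the reader sees."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an HTML e-mail body. example.com / example.net are
# reserved documentation domains and 198.51.100.0/24 is a documentation range.
SAMPLE_EMAIL = """
<p>Your order has shipped.</p>
<p><a href="https://shop.example.com/orders/12345">View your order</a></p>
<p><a href="https://www.example.net/account">https://www.example.com/account</a></p>
<p><a href="http://198.51.100.7/login">www.example.com</a></p>
"""

# Visible text that itself looks like a URL or bare domain name.
_URL_LIKE = re.compile(r"(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def _host(value):
    """Hostname of a URL, also accepting a bare domain such as www.example.com."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _registrable(host):
    # Assumption/simplification: treat the last two labels as the owning domain.
    # A production check should use the public suffix list (e.g. for co.uk).
    return ".".join(host.split(".")[-2:])


def review_link(href, text):
    """Return a list of warning tags for one link; an empty list means nothing stood out."""
    findings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        findings.append("not-https")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # a named host, which is the normal case
    shown = text.strip()
    if _URL_LIKE.fullmatch(shown) and _registrable(_host(shown)) != _registrable(host):
        findings.append("display-host-mismatch")
    return findings


def review_email(html):
    """Review every link in an HTML body: list of (href, visible text, findings)."""
    return [(href, text, review_link(href, text)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, text, findings in review_email(SAMPLE_EMAIL):
        status = "OK  " if not findings else "WARN"
        print(f"{status} '{text}' -> {href} {findings}")
```

The first link passes, the second is flagged because the text shows example.com while the destination is example.net, and the third collects all three warnings. A link whose visible text is plain words ("View your order") cannot be checked for a mismatch this way, which is exactly why the HOVER step tells the reader to look at the real destination before clicking.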
Limit personal information
Often, online retailers will require customers to create a user account before they can proceed with finalizing their purchase. Where this is required, a user should only enter the basic information needed to activate the account. Providing excessive information, such as date of birth, identity document details and phone numbers, increases cybersecurity risks. If a user already has this information stored with certain online retailers, it is important that it is hidden or removed from the profile. Where possible, it is best to proceed as a ‘guest’ when checking out. Only if you shop frequently should you consider creating a profile, and even then always remember to use a unique password.
Create several digital identities and avoid use of public WiFi
The creation of multiple accounts can limit the amount of risk a user’s information is exposed to. Setting up a few email accounts, each with a different purpose, is a good security practice: for example, separate accounts for making purchases, subscribing to newsletters, and using services that require an email address. Some solutions today help you create one-time-use email addresses.
Where possible, it is also best that people avoid using public Wi-Fi networks without a VPN when making online purchases. If you do need to use public Wi-Fi, be aware of suspicious ads, be a least-privilege user while browsing and always assume your data is being monitored. You should also be sure to disable “Auto Connect Wi-Fi” or “Enable Ask to Join Networks” settings. Since cybercriminals often use Wi-Fi access points with common names like “Airport” or “café,” your devices could inadvertently auto-connect without your knowledge. Using your cell network’s personal hotspot instead of public Wi-Fi is always preferable.
Check for HTTPS sites
Users should also focus on using websites that have HTTPS in the URL, where data transferred between the web browser and the website is encrypted for enhanced protection. However, it is important to know that HTTPS only means the traffic between you and the site is encrypted; it says nothing about who runs the site, so you also want to be 100% sure that the website you are shopping at is a trusted vendor.
Use credit card or secure payments versus debit card
When making online purchases, shoppers should use a credit card or secure payment capabilities. This should be done while also incorporating the aforementioned tips like using trusted vendors, HTTPS websites and avoiding public WiFi.
Increase default security settings
Many websites’ privacy functions are basic or often turned off. Make sure to review what privacy and security options are available to you and enable them. Make your account less visible and make sure the security measures are sufficient for the data or services you plan to use the account for. If multi-factor authentication (MFA) is available, use it. Also, make sure to enable alerts and notifications on all your accounts so that you are apprised of any suspicious activity that arises. We must move from security by design to security by default.
Education and Awareness – A strong secure digital society
Education and awareness are key to protecting you from cyber crime.
It's important to build a culture around cyber security and awareness that enables you to seek help when you notice suspicious activities. The earlier, the better. The following habits help you avoid breaches and identify them early, before they become devastating events:
Being vigilant online
Flagging suspicious emails with attachments, hyperlinks, and unknown senders
Identifying suspicious applications
Avoiding clicking on ads or links from unknown sources
Limiting activities that occur on insecure Wi-Fi networks
Stay Patched and Update Software
All systems and applications must be patched to prevent cyber criminals and malicious hackers from exploiting known vulnerabilities to access systems. Patches correct vulnerabilities in software and applications that would otherwise leave them exposed to cyber-attacks. Regular updates and patches can also fix bugs, improve features, or help the app operate more effectively. These measures don't prevent all cyber crimes, but they make you a more difficult target.