The holiday season has arrived and for most, it also means online gift shopping to avoid large crowds and busy mall traffic—especially in the COVID-19 era.
There’s no doubt that the accessibility of online shopping has made our lives easier. However, it also exposes us to several harmful online risks, because we’ve become far too comfortable sharing sensitive personal information.
And as you should know, retailers are not the only ones making a profit during the holiday season; cybercriminals are in for a profit as well.
While we couldn’t and wouldn’t deter you from shopping online, there are a few rules to keep in mind to help you reduce your cyber risk and keep your information safe.
Protect your computer
Before you even consider connecting to the Internet, ensure that you are protecting your computer itself. Keep reading to find out a few tips to better protect your computer and the information kept on it.
1. Antivirus software
Make sure you have antivirus software enabled on your computer. If your computer came with it installed, double-check to make sure it’s running, and if it isn’t, we’d recommend enabling it right away to protect your devices from viruses, malware, and adware. A few examples of well-known and legitimate antivirus software include McAfee, Bitdefender, Norton, and Kaspersky.
2. Use a password keeper
We recommend people use a password keeper like LastPass, Dashlane, or a product we use called 1Password to generate, store and retrieve passwords. These password keepers also help you create secure, randomly generated passwords instead of your cat’s birthday. By the way, happy birthday to your cat.
3. Protect your hard drive
First, ensure your hard drive is encrypted. If you’re using a Mac, that means having FileVault enabled, and on a PC it would likely be BitLocker. In the event that your computer is stolen, all of the data on your computer is encrypted (or scrambled) and unusable to someone else. Taking it a step further, you will also want to ensure you back up your hard drive. Ransomware is the number one revenue source for malicious actors. In this attack, the hacker encrypts all the data on your hard drive and then extorts a payment in return for the decryption key to restore your data. With a backup copy of your hard drive, you can generally restore your system without regard to the hacker’s demands.
Browse, email, transact, shop and work safely online
Once you’ve made sure your physical computer is safe and ready for your shopping extravaganza, it’s time to get down to business. Once you connect to the Web, via a secure network of course and on your secured computer, you need to continue to be vigilant and diligent.
4. Use safe networks
Safe computing at home, at work, or on the go starts with ensuring you’re connecting safely and securely to the Internet so that nefarious entities aren’t intercepting your data.
Modems & routers: Nowadays, many internet modems also serve as people’s WIFI router (sometimes referred to as a router/modem combo or gateway), and they usually have firewalls enabled by default, which is important.
WIFI password: You should always take it upon yourself to ensure you have a very strong WIFI password on your network–don’t make it your address or phone number or your dog’s name. You’d be surprised how many networks have a basic password or none at all. A strong WIFI password is at least 8 characters and should be totally random. Use a Password Keeper or Digital Vault to store this complicated password.
Set up a guest network: It is also recommended to have a guest network that friends or visitors can use while in your home, so that you’re not exposing your internal network and computers.
5. Use a VPN
If you’re connecting to the Internet through a public WIFI network, stick to networks that you know and trust, or use a VPN (Virtual Private Network) to encrypt your web traffic. A Virtual Private Network can be used to provide additional anonymity and encryption of your web traffic by allowing you to access the public internet through a private tunnel. Popular VPN vendors include NordVPN and ExpressVPN, and they offer monthly and yearly plans to help you access the Web more securely.
6. MFA / 2FA
Use two-factor authentication (sometimes called multi-factor authentication) when you can. This means that you use a secondary medium to verify your login credentials or your intention to complete a transaction. Oftentimes, MFA will send a PIN code or short number-based password via SMS or an authenticator app. This makes it much more difficult for hackers to access your accounts if they’ve managed to get their hands on your password.
7. Secure websites
Never, and I mean never, buy anything or share personal information on a website that doesn’t start with “https://”. HTTPS stands for HyperText Transfer Protocol Secure, which means that the website is secured by an SSL (Secure Sockets Layer) certificate that ensures there is an encrypted link between you and that website. When browsing, take a look in the browser’s URL bar: if the website has a closed lock, then you’re in good hands.
8. Familiar shopping sites
Shopping with familiar and well-known retailers, in addition to large marketplaces, will reduce the chance that your purchase won’t arrive and make it more likely that you’ll have access to a legitimate support department.
If you want to shop on a new or lesser-known online store that you have not purchased from before, ensure that you can find legitimate contact information for the store (phone number and address) and try to establish if the store has real ratings and reviews from Google, Facebook, Amazon, Yelp, Trustpilot or the Better Business Bureau.
9. Enough about you
Don’t overshare your information online. Most shopping sites should not need to know your mother’s maiden name or your birthday. Retailers should never be asking you for your Social Security Number. Give up as little information as required.
10. If something is too good to be true…
Then, it probably is. On lesser-known sites, watch out for deals that seem to be marked down an absurd amount, often with a countdown clock imploring you to press that red “buy now” button. Additionally, be particularly careful of email deals you never signed up for – most top-tier retailers won’t be spamming you if you haven’t signed up for their newsletter or transacted with them in the past 6 months.
This article was originally published by FutureVault CISO, Nevin Markwart, for Your Money Geek as part of a cybersecurity series.