With the holidays already here, many of us will be purchasing items and gifts online; this has become commonplace but is especially true this year as we all deal with the COVID-19 pandemic. Adobe Analytics estimates that online sales this November and December will surge 33% year over year to a record $189 billion making the already rich pandemic cyberspace even more attractive to cyber thieves.1 Cybercrime has become an industry all on its own and gets more and more sophisticated every year and want us to live in a world of fear, uncertainty, & doubt (FUD), but we can protect ourselves by following good personal cyber-hygiene practices.
Everyone can play a role in protecting themselves, specifically around information safety and securing their systems & devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are several tips you can put into action now:
- LOCKDOWN YOUR LOGIN: Make a long, unique passphrase. Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, Use 2-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) whenever offered.
- WHEN IN DOUBT, THROW IT OUT: Links in email, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
- KEEP A CLEAN MACHINE: Keep all software on internet-connected devices – including personal computers, smartphones, and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- BACK IT UP: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.
- OWN YOUR ONLINE PRESENCE: Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- SHARE WITH CARE: Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
- GET SAVVY ABOUT WIFI HOTSPOTS: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Only connect to known Wi-Fi networks; beware of network names that have typos or extra characters. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
The Cybersecurity and Infrastructure Security Agency (CISA) also reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.2
CISA encourages online holiday shoppers to review the following resources.
- CISA’s Online Shopping Tip
- CISA’s Holiday Online Shopping page
- CISA’s Social Engineering and Phishing Attacks Tip
- The Federal Bureau of Investigation’s (FBI’s) ‘Tis the Season for Holiday Online Shopping Scams – Don’t Be a Victim Announcement
If you believe you are a victim of a scam, consider the following actions.
- Report the incident to your local police, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI’s Internet Crime Complaint Center (IC3) page.
- Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information.
- Change any passwords you might have revealed immediately. Avoid reusing passwords. See CISA’s Choosing and Protecting Passwords Tip for more information.