Our co-author Joseph Carson published a great article about how to be more secure while shopping online. Original article was published at Techperspective.
Cyber security is an incredibly hot topic right now. With more than 3.5 billion Internet users worldwide, there are millions of opportunities for hackers to exploit, and in recent years, Black Friday and Cyber Monday have become prime targets for cyber criminals to create scams that lure unsuspecting victims.
If we look at all of the cyber breach reports in the past year – we can clearly see that it has been a busy time for cyber criminals. Public reports describe over 500 data breaches and more than 2 billion records stolen this year alone.
So why do we continue to see so many cyber breaches? If we look at why many of the breaches in the past year have occurred it comes down to three major factors: Human Factor, Identities and Credentials, and Vulnerabilities.
Every day billions of people power up their devices and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get advice for health, share their thoughts and access financial information. As more and more people and business’s use online services, they quickly become a target of cyber criminals and hackers. It is critically important to know how cyber criminals target their victims, what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money.
Here are 8 simple tips that we at Thycotic feel all shoppers can benefit from as we approach the holiday season:
Whether you are about to create a new account or if you already have an existing account make sure that you only enter the basic information required to get the account activated and not to put excessive information that could put you at risk. Many services will try to tempt you to put more information like date of birth, home address, location details and mobile numbers to make it easier for other people to find you but in fact this increases cyber security risks and cyber criminals can also find this information. If you have already added this information set them to hidden or remove them from your profile.
Many websites privacy is basic or turned off. Also, security is optional. Make sure to review what privacy and security options are available and enable them. Make your account less visible and make sure the security is sufficient for the data or services you plan to use the account for. If multi-factor authentication is available, use it preferring to use an Authenticator application to SMS. Make sure to enable alerts and notification on your accounts so that you get alerted on any suspicious activity. Also, make sure to limit and receive notifications when anyone is attempting to tag you.
When choosing a password, make sure to choose a strong password that is unique to that account. The average age of a web password today is years and many websites do not do a great job telling you how old your password is, how weak it is, and when it is a good time to change it. This is your responsibility to protect your account so make sure to protect it wisely. If you have many accounts and passwords use an enterprise password and privileged account vault to make it easier to manage and secure them. Never use the same password multiple times. Get into the habit of using password phrases.
Wherever possible, make sure the website is using HTTPS in the URL. This ensures that the data transferred between the web browser and the website is encrypted. This will limit the ability for any person in the middle from monitoring or watching your data.
Create multiple accounts to de-risk your information. For example, setup multiple email accounts: one used for communication, one used for subscribing to for example different online newsletters, airport Wi-Fi and other services that require an email address and then another that is used to resetting passwords which has higher security settings. This helps de-risk the information and also limit your risk of having all of your eggs in one basket.
Better not use a public Wi-Fi network without VPN. Instead, use your cell network (3G/4G/LTE) when security is of the utmost importance. When using public Wi-Fi, ask the vendor for the correct name of the Wi-Fi access point, whether it has security and whether it is common for hackers to publish their own Wi-Fi SID with similar names. You should be sure to disable Auto Connect Wi-Fi or Enable Ask to Join Networks because hackers use Wi-Fi access points with common names like “Airport” or “Cafe” so your device will auto connect without your knowledge. Also, do not select to remember the Wi-Fi network. Do not click on suspicious links. Beware of ads that could direct you to compromised websites. Be sure to use a least privileged user or standard user while browsing, as this will significantly reduce the possibility of installing malicious malware. Finally, always assume someone is monitoring your data over public Wi-Fi. If you have a mobile device with a personal hotspot function, always use this over public Wi-Fi where possible.
We are a society of clickers; we like to click on things like hyperlinks. But you should always be cautious of receiving any message with a hyperlink and ask yourself was this expected? Do I know the person who is sending it? On occasion you should ask the person if they actually sent you something before clicking on something which might be malware, ransomware, a remote access tool or something that could steal or access your data. Nearly 30% of people will click on malicious links and we need to be more aware and cautious. Before clicking: stop and think.
When making online purchases, first make sure that website is using HTTPS. Do not make purchases over public Wi-Fi and prefer to use a credit card or secure payments that has Internet protection when making online purchases rather than using a debit card which has less protection.
The holidays are fast approaching. Be sure to stay safe online with these best practices and avoid becoming the latest headline as the next victim of cyber-crime.