This year’s holiday shopping season is in full swing, with online shoppers inundated with promotional emails and texts. While it’s important to note that many of these online offers are legitimate marketing, we all need to be aware that cybercriminals are out there more than ever, looking to take your money.
At the US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, protecting Americans from cybercriminals is a top priority. Every day we hear hackers successfully attacking large businesses and government departments with malware and ransomware, but cybercrime affects individuals as well.
It’s not just the theft of your bank account that matters, it’s also your identity, your financial data or the content of your emails. These are wanted by malicious actors. The less you care about it, the more of a target you become.
For most of us, the Internet is an integral part of our life. We use the web to get information such as the route on our smartphone for the company holiday party. We use the web to wish Cousin Larry and all of our family and friends a Happy New Year from our vacation spot in Florida. We use the web for financial transactions like paying bills or buying that last minute gift found on our spouse’s e-commerce wishlist. Every activity we do on the web can be compromised in one way or another, so it’s important to have a few ground rules to protect yourself and your loved ones from fraud and scams.
Over 90% of malware is downloaded unintentionally by people who simply open hyperlinks or email attachments. Obviously, most of us don’t try to do this, but the bad guys can be tricky. A text message from an unknown source saying you’ve won a million dollars can be tempting to open. More realistically, an email from what appears to be a trusted source that seems important may be more difficult to recognize as a fake. You may not notice the additional semicolon or backslash in the email address. If you’re unsure of the email, type the URL into a browser rather than clicking the link, and either way, trust your gut! If you receive an email that you think is a phishing scam, you can report it to us-cert.gov/report-phishing.
Here are a few more ways to lower your online risks and make it a little easier to rest knowing your internet activities are protected all year round.
– Always protect your devices by making sure you have the most recent software updates and patches. This is generally easy to do for smartphones and tablets, as updates are sent automatically. Don’t forget to install them or, better yet, configure your devices to install automatically.
– Passwords for your devices (as well as your online accounts) are another area of concern. We all know that managing passwords is difficult. But don’t use popular passwords like “password” or “123456”. The best advice is to make your passwords different and complex. Change them regularly and use a software application called a password manager to keep them tidy.
– While passwords are one key to protecting your accounts, another is multi-factor authentication. Think of it like the deadbolt that supports your door lock. Multi-Factor Authentication sends you an email, text, or phone call to confirm that you are trying to access your account. Accounts protected with this tool are much less likely to be hacked. All accounts that deal with finance, health, or personal records should absolutely have multi-factor authentication installed. What about your other accounts, like social networks? Implement it too.
– Finally, beware of public Wi-Fi networks. Avoid using these networks when carrying out sensitive personal or financial activities. If you must use public networks (or any other network for that matter), make sure that the web address you contact has “https” (not “http”) in the URL, to ensure a secure connection. Use credit cards (not debit cards) when shopping and always check your credit card and bank statements to make sure your transactions are correct.
Protecting your cyber profile is an important task that starts with you. The holidays are a great time to review your accounts and devices, and make sure you and your family are protected. The simple steps outlined above can go a long way in ensuring that your cybersecurity and security are in good hands. By taking these steps we reduce our chances of encountering the “Cyber Grinch” and can once again focus on the joys of the holiday season knowing that our internet use is protected.
David E. Wood is Protective Security Advisor for the Cybersecurity & Infrastructure Security Agency. He is based in Lancaster.