Cybersecurity Tips to Keep You Safe This Holiday Season

Throughout the year, we see many news stories about cybersecurity breaches in large companies. Of course, we all get worried when we learn that a company—or a bank—we use has been breached because that means our personal information has been at risk. This violation can heighten our awareness for a short time; we check our bank accounts, keep a close eye on our credit score, and change our passwords at the drop of a hat. Unfortunately, these large-scale breaches are not the only time our personal information is at risk. As we start shopping online more and more—particularly to grab all our holiday gifts—we need to be careful about our personal cybersecurity or risk having our information stolen.

There are many ways hackers attack systems, ranging from large attacks on companies down to attacks on individuals. A couple of types of cyberattacks that affect individuals are phishing and malware attacks. Phishing is a common attack often done through email. With a phishing attack, hackers will send fake messages that are formatted to look official. These emails may look like they come from a reputable company or someone you know and have emailed before. In a phishing attack, hackers are trying to steal your sensitive information like your passwords or credit card information, or they might be trying to install malware on your device.

Malware is a term used for malicious code or malicious software, such as spyware, ransomware, viruses, and worms. It is used to describe many types of unwanted software installed on your devices without your consent or knowledge. Hackers will commonly send malware using email attachments or risky links. Once installed on your device, malware will invade your system and give hackers access to your personal data or even allow them to track your activities.

What can we do to protect ourselves and our personal information? Fortunately, many different techniques are available to keep our systems and our data safe.

First, always make sure that your devices are updated. How long have you been clicking “remind me later” on that software update notice on your device? Using a device with out-ofdate software can leave you exposed to cyberattacks. Many software updates will close any gaps in systems that hackers have used to access your devices and information. If you do not update your device, that gap stays open and leaves you vulnerable. Set your device to update during “nonactive” hours. That way, your device will update when you are not using it.

You should also always use best practices when it comes to your passwords. Make sure the passwords you use are not just a word followed by a couple of numbers, and definitely keep away from using names and birthdays! Simple passwords are simple for hackers to guess. Make sure passwords are lengthy, have no actual words or names, and use numbers, symbols, and a variety of capital and lowercase letters. We tend to make passwords simple so we can remember them easily, but programs are available that can keep track of our passwords for us. Do some research on password managers, and find one that best suits your needs, then let the password manager do all the hard work of remembering those passwords for you!

Also, try to use multifactor authentication, or MFA, whenever possible. MFA is a security feature that requires you—or anyone trying to log in using your information—to provide evidence of your identity. Sometimes, a website will send you an email or a text with a code to authenticate that you are the individual trying to log in. If you have secondary contact information saved to a site, such as another email or your phone number, you may be able to request that the site always asks for authentication when you log in or when you try and log in on a new device.

Shop only from stores you know are legitimate: common online shopping sites like Amazon, Walmart, eBay, or Target can sometimes be spoofed. Hackers may make a dummy site that looks real, but it is only there to get you to input your personal information so they can steal it. If you are trying to shop from a small business or local store, verify that you are using the correct site. Always look for “https” or a lock symbol in a site’s URL. These indicators mean the site has been verified, your connection is secure, and the information you send to the site stays private.

If you are using a shopping app on your phone, always check the app’s permission terms and conditions. A shopping app does not need access to your photos or contacts, and using an app that accesses personal information on your phone is very risky. Apps can also be spoofed, meaning they look like an official app from a trusted store, but they are fake and simply there to steal your information or install a virus on your device.

Never shop or access sensitive sites while on public Wi-Fi. Public Wi-Fi is not secure, and hackers use public Wi-Fi to get that much closer to accessing your personal data. Any information you send over public Wi-Fi has the potential to be accessed by hackers. Only use your private, password-secured Wi-Fi for online shopping. Also, shop only on your own devices. Never use public computers when you shop.

When checking out at an online store, do not save your information to every site. Allowing a site to store your personal information—including addresses, emails, and phone numbers—can leave you vulnerable if that site is hacked or if the site sells your information to advertisers.

If you have a credit card, it is often better to use it instead of a debit card when shopping online. Credit cards usually offer better protection than debit cards if your information is stolen and the card is used. Credit card companies will often credit you the money quickly, whereas, with debit cards, you may have to wait for your money while your bank investigates the claim. Having your debit card used fraudulently also means that money is being taken directly from your bank account. You may also have liability with fraudulent purchases on a debit card, meaning you may have to pay a certain amount of money depending on the claim and how soon you report it.

Lastly, keep records of your purchases, such as the confirmation pages, and use that information to check against your bank or credit card statements. Report any suspicious activity quickly.

Always be careful online and be mindful of how much information you are sharing. Taking action to keep your information safe will help you stay secure online without putting any damper on your holiday spending.