By Lee Weiner, Senior Vice President of Products & Engineering at Rapid7
Based on the ads and holiday music bombarding us at every turn, ‘tis the season to get shopping. To avoid the crowds and craziness of the shopping centers, many will look to the internet for inspiration and convenience this holiday season. In fact, analyst firm Forrester Research predicts that online sales will grow 15% this holiday season, reaching $78.7 billion.
This is good news for online retailers, but it’s also a clear opportunity for criminals looking to make a profit from cyber attacks. If you think climbing down a chimney is the only way someone can get access to your personal info, think again. Below are seven quick tips for protecting yourself online this holiday season.
- Update your browser. Before you get started, make sure your browser (e.g. Internet Explorer, Chrome, Firefox) is up to date. You can check that by visiting the browser’s site and downloading the latest version. Or you can visit http://whatbrowser.org/, which will tell you the name and version of the browser you are using, and whether or not it can be updated, as well as how to do so. Older versions may have known vulnerabilities that attackers can exploit.
- Don’t use public networks. Public networks, for example the free wifi at your local coffee shop or library, are rarely secure, and are a good place for someone to try to interfere with your browsing. If you have the choice to connect to a virtual private network (VPN), you should always do so when connecting to a public network. If you don’t have that choice, it’s best to avoid public networks and save any activity that sends confidential data, such as making a purchase or even logging in to a retail site, for a network more likely to be secure.
- Be vigilant! With every retailer sending emails for this amazing deal or that incredible offer, attackers have plenty of opportunity to create seemingly credible, yet fake, emails designed to lure you into visiting a compromised website, opening a malicious attachment, or giving them some confidential information. Don’t fall for it! If a deal looks interesting, go directly to the retailer’s homepage through your usual method and you will find the deal from there.
- Don’t register. Most retail sites will offer you the choice to shop as a guest or register for the site. Shopping as a guest limits the amount of information the site stores about you. The more sites that are storing your personal information, the more you are increasing your exposure and trusting third parties to protect your confidential data.
- Be complex. If you do register for a site, register with a complex password that includes lowercase and uppercase letters, as well as numbers and special characters – the longer the better, so try stringing a few unconnected words together (eggnog may help here). This makes it harder for criminals to guess. Never reuse passwords across sites. That way, if a site you signed up to is compromised, your account on another site won’t also be at risk. Remembering lots of complex passwords is tough, but sites and apps like LastPass and KeePass can help.
- Don’t save financial info. Many sites now offer you the choice of whether to store your financial information or not. Don’t do it! Yes, it takes a few extra minutes to put that information in again every time you make a purchase, but you are trusting people you don’t know to protect your confidential bank information when you don’t need to.
- Avoid shady sites. Criminals frequently create plausible-looking websites designed to trick you into giving them your confidential information, particularly financial information. Where possible, stick with well-known or recommended sites. For more specialist items that might lead you to less-known sites, look for signs the site is a bona fide trader before giving them information, for example if they have a shop on eBay or Amazon.
Above all, remember that packages with nice wrapping aren’t always the gift you were hoping for, and if something looks too good to be true, it usually is. Taking these basic precautions will help you protect yourself so you can embrace the spirit of the season and enjoy the holidays.
About the Author:
SENIOR VICE PRESIDENT OF PRODUCTS & ENGINEERING
Lee is responsible for leading the direction and delivery of Rapid7’s entire product portfolio, including its award-winning solution Nexpose. In this role, he also identifies new opportunities to help Rapid7’s customers solve the complex security challenges they face. Lee has over 15 years’ experience in high-technology, most recently leading the customer care products group at LogMeIn, driving engineering, product management and product marketing. He has also held leadership roles at software security firms including Netegrity, IMlogic, and Symantec Corporation. He holds a Bachelor of Arts from the University of Massachusetts.