Cyber Security Over the Holidays Published December 17, 2018

Let’s face it: Most people’s holiday thoughts gravitate toward finding and receiving the perfect gifts and carving out time in the holiday bustle to visit loved ones – not how to protect themselves from cyber threats.

But, staying cyber threat-aware and safe should be on everyone’s holiday priority list, too. In fact, cybercrime is on the rise: Just think, hackers attack every 39 seconds, and they sure don’t take a break for holidays. Taking precautions now can save you from a multitude of cyber threats, including scams, hacked bank accounts, identity theft, and more.

Below are several tips for those giving and receiving, and those shopping and traveling, to protect themselves from cybercrime during the holidays.

Stay Safe While Shopping

It’s no surprise spending increases during the holidays as U.S. consumers turn to online stores for the convenience of gift-buying. But, with that convenience comes increased risks. When shopping online, follow these tips to reduce your run-ins with cyber security threats.

First, ensure you shop through a secure website. Look for the “https” in the URL (the S stands for “secure”) and the lock symbol. This means all communications between your browser and the website are encrypted.

Only purchase from legitimate websites, and research the places you’re shopping, paying special attention to customer ratings. Often shoppers will turn to websites like eBay to find a deal, but the items they purchase there aren’t always certified, and returns could be a bigger hassle.

“With other sites, it might cost a little more, but at least you get what you’re asking for,” Rose State College cyber security professor Ken Dewey says. “Remember: If it’s too cheap, it’s probably not legit.”

Dewey also suggests you save your debit card for the ATM and opt for credit cards when shopping online. A compromised debit card is a key to unlocking your checking or savings account, giving criminals direct access to your cash. Using a credit card lessens your security risks and ensures your bank can help you recoup your money if you incur fraudulent charges.

Credit cards are also safer when buying at brick-and-mortar locations, too. After a shopper taps the keypad to enter a debit card PIN number, Dewey says criminals can employ heat-sensing cameras to take a photo and reveal the “heat signature,” or which numbers were touched and in which order.

If you’ve never used or set up Apple Pay, the holiday season is a great time to try it out. Each Apple Pay purchase generates a one-time use credit card number.

“That’s an amazing option because even if someone did steal it – say they broke into a Subway restaurant and got all the credit card numbers used that day – they got a one-time card number from me that they’ll never be able to use again,” Dewey says.

Gifts: Setting Up New Devices

If you have new high-tech equipment and gadgets on your holiday wish-list, Dewey has some advice for you: Choose strong passwords for all your new technological toys.

“People are going to get a lot of new phones, a lot of new tablets, a lot of new everything over the holidays, and the No. 1 problem out there right now is user credentials like passwords,” he says.

For starters, never use the default usernames or passwords on any device. Why? Eighty-one percent of hacking-related breaches are directly attributed to weak or stolen passwords, according to the Verizon Data Breach Investigations Report. Update login information to unique names and strong passwords only you know. Often, default passwords are available publicly online, as they are with wireless routers. A quick online search of the default Wi-Fi network name could give hackers instant access to your internet connection.

Take your safety one step further and don’t choose passwords with easy-to-guess number sequences such as “12345” or real words (consider the word “password” off limits). Weak passwords are an open invitation for hackers to gain access to your devices. Then, set up two-factor identification if and when prompted. This type of identification means anyone attempting to log into your account from an unrecognized device will need to enter an authorization code each time. That code could arrive in your email inbox, or by text or phone call, depending on the account you’re attempting to access and your two-factor identification preferences.

Lastly, if you’re asked to fill out answers to security questions while setting up new devices and accounts, use bogus answers, encourages Dewey. Most people use true (and logical) answers to these questions, but their accuracy actually makes the answers easier for hackers to guess. If you use off-the-wall answers, hackers find it nearly impossible to break in (Think: using “carrot cake” to answer the question “What school did you attend in third grade?”). Although you shouldn’t reuse passwords, Dewey recommends using the same bogus answers consistently for security questions, so you can remember your one answer easily.

Once you pick your new password, don’t write it down or store it in a password spreadsheet on your computer (both can be stolen or broken into). Instead, use a platform like LastPass, a free website that safely stores dozens of logins and passwords. All you need to do is remember your master password to LastPass and log into the platform to have access to all your stored accounts.

“That system stores all my information, encrypted, and I have to log into that to get all my other passwords,” Dewey says. “For instance, my Twitter password is 30 characters. I don’t even know what it is, but it’s stored in LastPass.”

Traveling Tips

Do you intend to spend your holiday out of state or abroad? Plan ahead. Give your bank and credit card companies a call and let them know where you’re traveling and when. That way, your account won’t be flagged or placed on hold because of suspicious activity.

What’s even smarter? Don’t bring all your credit cards. Decide which you’ll need and bring only those. That way, if your credit card information is stolen, you won’t go through the hassle of canceling a stack of cards – you’ll cancel only what you brought with you and only what was compromised.

Those with big travel plans are likely to pass through an airport and have time on their hands to surf the internet. If the airport has unsecured Wi-Fi, you have cause for concern and should look into securing a virtual private network, or VPN, which allows users to bypass a shared or public network and send and receive data across it as if they were directly connected to a private network.

Another option to decrease the risk of cyber threats while traveling? Get some gift cards.

“If those are stolen, yes, they’ve got your money, but they don’t have access to your bank and cards,” Dewey says. “Look for discounted gift cards to save money. And, you can also prepay a lot of stuff before you arrive, so you don’t have to worry about money.”

Also, be on the lookout for skimmers, devices criminals place on gas pumps to “skim” credit card information. At the gas pump, check for internal and external skimmers. Signs of internal skimmers include anything loose or protruding from the area where you insert your card. Internal skimmers are hidden inside the pump, often with no signs of tampering. These skimmers can relay card information to scammers in real time using Bluetooth technology. If you’re leery, check your cell phone’s Bluetooth setting, and if you see a long string of numbers attempting to connect, do not use the pump.

Doors to the gas pumps need to be locked, too. Don’t use the gas pump if the door is broken or forced open, or if the safety tape is broken. Safer still? Use the pump most in view by the gas station attendant, or, pay inside.

Follow these cyber security tips to stay safe over the holidays, and check out our Cyber Security program – a great next step for those interested in the field of cyber security. 

• Use secure websites – Always use secure websites (look for the https in the URL), and use credit cards, not debit cards, for online purchases.
• Try Apple Pay – Apple Pay transactions generate a one-time credit card number, so if the number is compromised, criminals can’t use it again.
• Create strong passwords – Received some high-tech gifts this year? Change your default settings to a unique username and strong password.
• Store personal info securely – You’ve got strong, difficult-to-guess passwords, Now what? Store them securely in a platform like LastPass.
• Give a heads up – Traveling out of state or abroad? Alert your bank and credit card companies ahead of time so they don’t put a hold on your accounts.
• Take what you need – When traveling, take only the cards you need. If one is compromised, you only have to cancel that one card.
• Use VPNs – Traveling through an airport? Use a virtual private network (VPN) to connect to the internet to stay more secure.
• Inspect your gas gump – Inspect your gas pump for skimmers, devices hackers place on the equipment to skim credit card information.