Keep Your Devices Safe This Holiday Shopping Season

BITS reminds you to be safe and remember these tips during this holiday shopping season!

Kevin Gemmell, BITS Security Services Manager

Scammers and cybercriminals especially target shoppers during this time of year when many people are shopping online.  Given the current pandemic, experts predict that online shopping especially will be at all-time high – which means so will cybercriminal activity. 

Our partner, Secureworks, shares these tips to keep your financial institution – and endpoint users – safe from hackers and others will ill-intentions.

Successful Holiday Season Security Habits:

1. Make sure your patches, antivirus, and endpoint security agents are up to date.
2. Check your web and email filters’ current settings and make sure they are working properly.
3. Conduct a mock phishing exercise or at least educate your team and your users about seasonal phishing attacks. It’s especially important to remind everyone about the seasonal types of attacks you may commonly see in order to increase vigilance. It may be helpful to include practical information about personal cyber self-defense in addition to company security process in order to improve concept adoption.
4. Review your visibility into your environment. Logs, security alerts, and endpoint behavioral data are all useful in spotting and stopping attacks before they progress.
5. Tune your security devices (IDS/IPS, NGFW, WAF, etc.).
6. Review your incident communication strategy with your internal security team and security partners. Verify they have the right people and the right process to use in case of suspected compromise. This may include your incident response plan.
7. Go over the results from your most recent penetration test and vulnerability scans. Have at least all of your high and critical findings been remediated or compensated for?
8. When you’re approaching the holiday season, evaluate your posture from a business perspective. What do you consider to be an acceptable risk? Should temporary controls be put in place seasonally?
9. Sign up for relevant security feeds and increase your focus on seasonal attack trends as is appropriate for your business.
10. Be thoughtful about your holiday coverage. Mature cyber adversaries know security teams are stretched thin this time of year and may use that to their advantage.

For your personal computer and devices, you need to take similar precautions:

1. Ensure that Anti-Virus software is in place and fully updated, especially on any home devices, like laptops or computers that you or your family members use. Check that all your security software is up to date.  Privacy tools, add-ons for browsers, and other patches need to be checked and updated regularly, on all your network connected devices.
2. Ensure that your Wi-Fi connection is secure. While most newer home Wi-Fi setups are setup securely during the initial installation, some older installations might not be, and that means people in the near vicinity (including hackers or others with bad intentions) can snoop on your internet traffic. Check with your internet provider or on their website for specifics to protect your home network..
3. As always, we recommend that you be on alert for emails that might get you to act quickly by clicking through links and open attachments. Be wary of any emails about problems with your credit cards, an account, shipping information, or the status of an online order.
4. Personal information is like money to hackers.  When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember, you only need to fill out required fields at checkout.
5. Use safe payment options. Credit cards are generally the safest option because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered.
6. When in doubt, throw it out. Links in emails, posts, and texts are often the ways cybercriminals try to steal your information or infect your devices.
7. Be careful with debit and credit card access. If using your debit card to make purchases at a physical store, make sure to use one hand to conceal your pin entry. If your card has the security chip installed, use that method for payment instead by swiping the card.
8. Protect your hard-earned money. When shopping online, check to be sure the site is security enabled. To ensure you’re on a secure page, check to see that the URL for the page begins with “https://” and not “http://.” That “s” lets you know the site is secure, indicating extra measures to help protect your information. Most browsers will also show a lock icon in the lower right corner of the browser window to let you know you’re on a secure site.
9. Be aware of Wi-Fi hotspots.  Limit the type of business you conduct over open public Wi-Fi connections, including logging on to important accounts, such as email and banking. Adjust the security settings on your device to limit who can access your phone by using a lock screen. Make sure to not use the stores Wi-Fi you’re in as it may be compromised and not safe. Disabling Wi-Fi and Bluetooth when not in use, especially when you’re in a store is a way to make sure your phone is not compromised. A good rule of thumb is to stick to using your cellular network.
10. Be smart – and teach your household members how to safely navigate the Internet without exposing yourselves to unnecessary risk.

For more information on the Security Solutions offered by BITS, visit bits.us/security or contact Kevin Gemmell at kevin.gemmell@bits.us.