Editor’s Note: Jen Easterly is the director of the Cybersecurity and Infrastructure Security Agency (CISA), leading the national effort to understand, manage, and reduce risk to cyber and physical infrastructure.
Cyber Monday is here, and while millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers.
The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get a hold of your personal and financial information to compromise your data, insert malicious software, steal your identity and take your money.
And if you think you’re not worth being the target of such bad actors, think again. Criminals don’t need to know how much is in your bank account to want to get into it. Your identity, your financial data, what’s in your email – it’s all valuable, and cyber criminals will cast as wide a net as possible to get to anyone they can. In fact, they’re counting on you to think you’re not a target.
At the Cybersecurity and Infrastructure Security Agency (CISA), we’ve put together a few easy steps to help prevent you from becoming a victim of cyber-crime this holiday season.
Start by protecting your devices
Mobile phones, computers, and tablets all ask you to install software updates, which include the latest security features and patches. Protect your devices by downloading the latest software updates. The easiest way to do this is to enable automatic updates.
Next, take a look at your online accounts and make sure they have strong passwords. Believe it or not, the most common password is “password” followed by “123456.” Make sure you use different and complex passwords for each account. Consider using a password manager so you don’t have to remember the complex alphanumeric combinations that make passwords harder to crack.
Turn on multi-factor authentication
The most important thing you can do to protect your online accounts is to implement multi-factor authentication. Your email, online bank, and social media accounts should all allow you to turn on multi-factor authentication. This means they’ll use an additional piece of information to verify your identity. It can be something as simple as receiving a code via text message, but for even greater security, you can use a security key or authenticator app.
The bottom line with multi-factor authentication is that even if an attacker obtains your password, they may not be able to access your account. This extra step alone makes you 99% less likely to get hacked.
Know how to spot phishing scams
Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails that are designed to look like they’re from retailers but are actually designed to steal your information or infect your system with malware.
To avoid being a victim of a phishing scam, don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.
Never provide your password, or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information. If you receive a suspicious email that you think may be a phishing scam, you can report it at us-cert.gov/report-phishing.
Trust your instincts! If it looks suspicious, it probably is. That’s why, before providing any personal or financial information, you should make sure you are interacting with an actual vendor.
Always use safe methods for purchases
Always assume a public Wi-Fi network isn’t secure, and don’t access sensitive personal or financial information if you need to use one. Look for “https” (versus just “http”) at the beginning of a web address to confirm that your connection to a site is encrypted, and keep your browser and security software up to date.
If you can, use a credit card as opposed to a debit card when making a purchase. Criminals can use debit cards to steal directly from your bank account, and while there are laws to limit your liability for fraudulent credit card charges, you may not have the same level of protection for your debit cards and your bank account.
Since you’ll likely make more purchases over the holiday season, be sure to check your credit card and bank statements frequently for any fraudulent charges. Immediately notify your bank or financial institution and local law enforcement if you see suspicious charges.
Ultimately, good cybersecurity is not about technology – it’s about people
Your cyber safety should be treated like your physical safety. Stay vigilant, take the above steps to protect yourself, and trust your instincts. If you see something that doesn’t look right, there’s a good chance it isn’t.