October is autumn, falling leaves, sweaters, cardigans and Halloween. But it is also the National Cybersecurity Awareness Month (NCSAM). NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, cybersecurity best practices, common cyber threats and cybersecurity careers.
For the whole month of October Bora is running a series of articles, which will focus on the NCSAM 2019 theme. The previous articles discussed Privacy Basics, How Not to Get Phished, and how to be Safe at Home.
The retail industry took a 180-degree turn with the emergence of online shopping. With the speed and convenience of online retail, it has become easier for consumers to get what they want when they want it. Moreover, it allows many businesses to operate without the need for a physical store. The statistics are compelling: The global online shopping market size is predicted to hit more than $4 trillion in 2020, while 10% of total retail sales in the US come from eCommerce sales. 69% of Americans have shopped online, and 1 in every 4 online consumers purchase from eStores once a week.
From the convenience of making purchases at your fingertips and next-day delivery to getting great deals and the endless catalogue of purchasable items, online shopping has only grown in popularity. While the increased availability of online shopping is convenient, it also makes it more lucrative for scammers to trick buyers into paying for goods they won’t receive, or to obtain their personal information for financial gain.
It’s important to take steps to protect yourself when shopping online. So, what can you do about it?
Being a safe and secure shopper starts with STOP. THINK. CONNECT.™: Take security precautions, think about the consequences of your actions online and enjoy the conveniences of technology with peace of mind while you shop online.
Tips for shopping safely online
- Make your purchases from well-known and trusted websites. If you choose to make a purchase from a new website, research it. Read reviews and see if other consumers have had a positive or negative experience with this site.
- Many online retailers choose to promote their business through emails. At the same time, phishing is the preferred way cybercriminals use to trick users into revealing personal and sensitive information. Links in emails, posts and texts are often how cybercriminals try to steal your information or infect your devices. Be very careful when you receive a promotional email, because it may be impersonating a well-known brand. Double-check the links to see whether they redirect to rogue sites. If you are in doubt, or if it sounds too good to be true, throw it out.
- Your personal information is like money: valuable. Protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure that the vendor is collecting only the information necessary for completing the transaction. Remember, you only need to fill out the required fields at checkout.
- Use safe payment options. Credit cards are generally the safest option because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered. In addition, it is advised to use a Virtual Private Network (VPN) when connecting to an eCommerce site. A VPN allows you to hide your personal and credit card data from prying eyes.
- Before you make an online purchase, read the “small print”, the return policy and other terms and conditions. Make sure you understand them, and you agree with them. This might be quite useful if things don’t turn up as expected. It will save you disappointments, frustration and money.
- Make sure the retailer’s site is secured. Look at the web address for the green padlock and the https identifier. Both signs indicate that the owner of the site is encrypting your data to protect it from eavesdropping. In addition, these security features authenticate that the retailer is who it says it is. If you notice a warning that the site you are visiting is not secure, leave and do not enter any personal data.
- Keep your device clean and updated. Install an internet security suite (we used to call them antivirus) on all your devices, including desktops, laptops, smartphones and tablets, to protect you from online threats. Keep all software – Windows, Android, applications – on your devices up to date to reduce the risk of infection from malware. To do that, enable the automatic update feature.
- Fortify your online accounts by activating multi-factor authentication on all online services. Multi-factor authentication, commonly known as two-factor authentication or 2FA, allows you to authenticate yourself using something you know – your password – with something you have – usually your mobile phone. This feature will enable strong authentication with the use of biometrics, security keys or a unique one-time code through an authentication app on your mobile device. Your usernames and passphrases alone are not enough to protect key accounts like email, banking and social media.
- Make your strong passphrase a sentence. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love going shopping”). You could also replace letters with numbers or special characters to make the passphrase even stronger (i.e. the previous phrase will turn into “1 l@v3 G0ing $Hop21n9”). Since remembering complex passphrases can be very difficult, you can use special applications, called password managers (such as LastPass or Dashlane). As an alternative, you can use a secret password notebook and write down your strong passwords.
- For every unique account, use a unique strong passphrase. Having separate passphrases for every account helps to thwart cybercriminals. If you use the same passphrase across multiple sites/accounts and one of them gets breached, the criminal will get immediate access to all accounts with the same passphrase. It is like having a “passe-partout” key for all the houses in the neighborhood. You wouldn’t want that, would you?
- Despite the convenience of online shopping, you may choose to go shopping – which is a good idea sometimes! But, while you are looking for that gadget you would like to buy or for a present for your best friend, be careful. Some stores look for devices with WiFi or Bluetooth turned on to track your movements while you are within range to offer personalized ads. This is mostly done via location tracking through the stores’ app. When you install such an app, do not enable the app to access your location through your GPS. While on the move, turn off your WiFi and Bluetooth when not in use.
- Be aware of public WiFi hotspots. Malls and shopping centers offer a variety of services, such as cozy restaurants and cafeterias, as well as free WiFi connectivity. Although this is convenient, it comes with a security and privacy cost. Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Free WiFi networks are a favorite attack vector for cybercriminals. They can set up a rogue WiFi network that looks like the legitimate one, seeking to eavesdrop on your communications, steal your credentials and, ultimately, get hold of your bank account. Next time you enjoy your meal, think about it and turn off the WiFi connectivity of your smartphone. In fact, you should always turn it off when you are on the move. And if there is a need to connect to the internet using a free WiFi service, connect using a Virtual Private Network (VPN) service. VPNs create encrypted, secure tunnels that prevent malicious actors from manipulating your private communications.