Alex Hinchcliffe, Threat Intelligence Analyst at Palo Alto Networks, shares his top 13 tips for staying safe while shopping online on Cyber Monday.
1. Use a Password Manager: Although not all devices can use password managers directly, it’s still one of the best and easiest things you can set up. PCs and Macs, as well as smartphones and tablets increasingly support the use of password managers directly. But even for devices that don’t, you can and should use a password manager to generate and store strong passwords. Preferably, find a password manager that requires multi-factor authentication for extra protection. There is no excuse for not having totally unique (and complex) passwords for every single online account you have, whether for gaming, shopping, banking and so on.
2. Protect Your Home Routers and Wi-Fi: In a home of computers, phones, tablets and other IoT devices, the common point of connection is usually the home router and Wi-Fi. For most, it’s something they set up once and forget about. But to keep all home devices more secure, you need to make sure the underlying router and Wi-Fi are better protected. Take time to ensure you have a good, complex, unguessable password. This is where a password manager can help. You may consider configuring it to not broadcast the SSID as well: that can make adding devices a little harder, but that means it’s even trickier for people to try and break into your home network.
3. Set up More Secure Accounts on Your PCs and Macs: PCs and Macs are essential items in the household nowadays. Take time to set up an account for the whole family, with individual usernames and passwords. All modern operating systems allow you to make “regular user” accounts rather than admin accounts. Set everyone up as a “regular user” and create a separate administrative account to use for maintenance. If you have kids, avoid the temptation of letting them all use one account, or accounts without passwords – this is a chance for them to learn the importance of password protection and be conscious of keeping theirs safe!
4. Prevent Lost Tablets and Smartphones from Turning into Something Worse: Handheld devices mean an increased risk of loss or theft. These days, our mobile phones often have greater access to more sensitive information than our PCs and Macs do. Whether it’s mobile banking apps, wallet apps or stored credit cards, you definitely wouldn’t want these to fall into the wrong hands unprotected. All modern tablets and smartphones have settings you should enable before you take these devices out of your home:
a. Passcodes to lock the device.
b. Encryption of information.
c. Lost device tracker.
d. Deleting or “wiping” data if too many bad passcodes are tried or if you activate it remotely.
5. Protect Your Data on Smartwatches and Personal Fitness Devices: Smartwatches and personal fitness devices are similar to smartphones and tablets as they share some of the same features. In addition to using those, you should take time to ensure you know what health information is being used and that the cloud account(s) these devices synchronise with have very strong passwords. These devices gather some of your most personal information, and in some cases the most serious risk isn’t around the device but the data being stored in the cloud.
6. Be Smart with Your Smart Home: Smart home is an umbrella term for a diverse set of devices that have one thing in common: they all feature some kind of internet connectivity. Each and every device will have its own security and privacy settings, so it pays to take time to understand those BEFORE they go live in your home. Across the board though, making sure your home router and Wi-Fi have good security and that you’re using good, strong unique passwords when pairing devices with apps (where possible) are easy things you can do for all these devices.
7. Don’t Forget About Home Entertainment Apps, TVs and DVRs: When we think about home entertainment, there are really two things you need to think about with security. First is the security of the devices themselves. In nearly all cases, good security around home routers and Wi-Fi will be the best thing you can do for the devices. But home entertainment isn’t just the physical devices. It’s also the apps you use to view content. All apps like those from Netflix, Amazon, Hulu and others have their own passwords to connect to their service, and attackers crack and sell compromised accounts to these services. Because of this, make sure you’re using strong, unique passwords for the apps you use on these devices. This will also protect these apps on your tablets, smartphones, PCs and Macs.
8. Whilst You’re at It, Protect Your Gaming Consoles: Similar to home entertainment devices, gaming consoles have both the security of the actual device and then the security of the cloud-based accounts to deal with. Just like with home entertainment devices, it’s the cloud-based account that attackers are more interested in. Here again, taking time to set up strong, unique passwords is key. Also, many gaming platforms now include a second means of authentication (typically a text sent to your phone), which you should enable for extra security.
9. Configure User Profiles for Voice Assistants: Voice assistants are some of the most popular new devices out there, which means they’re the least known and understood. The biggest risk that’s been popularly discussed is voice command hijacking by outside sources. For these devices, take time to configure individual user profiles as much as possible. Many of these devices also feature mute buttons that can functionally turn them off when you don’t need them. If you haven’t been using it already, make a start now.
10. Use Smart Speakers Smartly: Smart speakers can be thought of as a subset of voice assistants in that they are voice-activated devices in your home. Many have digital home assistants built into them, making the distinction even less clear. This means that what you would do for your digital home assistant security would apply to smart speakers as well. However, one thing to consider is if all you really want or need is a smart music device, it may make sense to keep your purchases focused on devices that meet that sole need. This can improve your security by reducing the risk posed by features that you don’t want or need in your home.
11. Drive Safely and Securely with Smart Cars: While “car hacking” is something that you see in the news, the reality is that practical smart car security is more common than headlines may lead you to believe. A key differentiating feature with smart cars is they often have “smart” lock and ignition systems that are tied to fobs and/or your devices (like a smartphone). Best practice in this case means building on the good security around other devices and good physical security. Ensure that any connected smart devices have good security, especially to protect against loss or theft. Make sure you only give fobs to people that you trust and ensure that any cloud-connected accounts have good passwords and use a second authentication method, if possible.
12. Only Keep Trusted Apps on Your Mobile: The first thing to consider when installing apps is whether you trust them. This is so you don’t unknowingly grant access to apps that may include unwanted extra features and can access your sensitive data, like contacts and messages, or perform malicious behaviours. Avoiding third-party app stores and sticking to the Google Play store and Apple App store also adds another security layer to your phone, as these platforms will have rooted out any malicious apps from their selections. Much like operating system and application files on PCs, Android and apps developed for the platform also receive security updates from Google and app developers to remove vulnerabilities and improve features, including security.
13. Patch, Patch and Patch Some More: We close this list with patching because it is the most important thing you can do. By patching, we refer to the security updates you’re constantly reminded of when they come through, requiring you to be without the device for 5 minutes as it updates the current system. This is essential for device security as a new patch could include new information and software to deal with current cyber threats. Make sure you patch it before your devices catch it.