The holiday season is a time of family, friends, food, travel, and shopping. All of these traditions are great, but security is often the last thing on our to-do lists. Our gift to you is peace of mind. Imagine it as a basket of tips to secure your devices and accounts before heading off to grandmas, to ensure a safe holiday season.
Below you’ll find some quick tips for a safe and secure holiday. We recognize there are a lot more ways to increase security than recommended here, but it’s a good start. There are 12 days left until Christmas — if needed, pick one a day leading up to the 25th for an easy implementation.
1. Update & patch.
Make sure all applications, software, and patches are up to date and functioning properly. Weaknesses in apps and software are exploited by hackers and can quickly compromise accounts. Keep information safe by ensuring firewalls, malware detectors, and anti-virus scanners are updated and working well. The pesky software updates are worth the vulnerabilities they fix.
2. Backup everything important.
If you care about something, back it up. Encrypt highly sensitive information. Be sure to lock up any storage device with strong passwords and multi-factor authentication.
3. Avoid shared networks.
Do not, we repeat, do NOT shop online on a shared network. This means any network (i.e. WiFi at Starbucks) that is public and available to anyone. As soon as someone accesses the network you are on, they can access your devices and the information on them a whole lot easier.
Do not enter credit card information or other personal information when using a shared network. When browsing or shopping online, use a private network, such as a VPN.
4. Set up multi-factor authentication.
Increase security maturity by implementing a multi-factor authentication (MFA) application on all of your accounts and devices. MFA is a method of authentication using 1) something you know 2) something you have or 3) something you are to identify if you are who you claim you are when logging into a device or application. We recommend using an MFA app, such as Duo.
5. Too good to be true? Probably so.
‘Tis the season for killer deals and good bargains. ‘Tis also the season for more fraud and scams. If a deal seems too good to be true from an uncommon company or site, it most likely is too good to be true. Don’t fall for it. Be wary of extreme sales. Search for reviews of products and companies before purchasing anything online.
6. Post on social media AFTER vacation.
We know that you want to show off the adorable snowman you made while visiting your cousins in Milwaukee…but don’t post about it (and especially don’t geo-tag it) until you have safely arrived back at home. Posting on social media during a vacation can increase chance of robbery, and in some cases can even invalidate insurance. Be aware. Unfortunately, your family and friends are not the only ones watching your social feeds.
7. Click carefully. Be wary of links & attachments.
One click can unleash chaos on a device.
Social engineers are getting more clever and cunning. Don’t click on or answer unsolicited emails or phone calls. If you didn’t instigate a conversation, you should also be skeptical of a solicitor’s intentions. You never know who is on the other side of that screen.
8. Go without Admin Privileges
Run your computer without admin privileges. Limiting the amount of access a user (including you) has to major controls when unnecessary can prevent hackers from accessing the same privileges. The extra prompts will pay off.
9. Change passwords strategically.
Changing passwords frequently can lead to bad password hygiene. With so many passwords to keep track of, people often get lazy or choose easy-to-remember codes. Instead of changing passwords every month, consider changing passwords strategically.
Password managers, like LastPass, help keep track of passwords and can help to know when to change them. Here are some of their recommendations for when the time is right:
- After a service discloses a security incident.
- There is evidence of unauthorized access to your account.
- There is evidence of malware or other compromise of your device.
- You shared access to an account with someone else and they no longer use the login.
- You logged in to the account on a shared or public computer (such as at a library or hotel).
- It’s been a year or more since you last changed the password, especially if you don’t have multi-factor authentication enabled.
10. Increase password complexity & length.
Silent Break Security recently released the Top Cracked Passwords of 2018. The most common passwords all had the same elements — they were too simple. We’ve said it and we’ll say it again, P@ssword123! does not cut it anymore.
Two of the biggest factors of password strength are complexity and length of the password. We recommend mixing alphanumerical characters of both cases with special characters such as !@#$%^&*. Passwords should be at least 16 characters long.
11. Assure secure connection.
Check the URL at the top of the screen. A secure connection will show a little padlock icon on the left of the URL and the address will start with https://
If a connection is not secure, do not enter any personal information as it is not safe. As aforementioned, public networks or connections with unknown security status are easily accessible by hackers.
12. Remove unnecessary sensitive data.
Have a PDF of your Social Security card floating around your desktop? What about your drivers license? Did you send it over email? While these things are a security nightmare, prevent another mistake by removing any sensitive or personal information. Make sure information and data on your computer or device is absolutely necessary. Do not send SSNs and other sensitive information over email. Be sure all communication of value is encrypted and secure before sending.
Let’s make 2019 a more secure year for everyone. Have a happy and safe holiday season!