October is here, the unofficial kickoff to the holiday shopping season.
While some big box retailers are already hanging tinsel in their aisles (or maybe after the Halloween decorations come down), online shopping is expected to dominate this year, largely due to the pandemic, but because it’s just, well, easier to have packages shipped to your door.
“As a shift to digital in response to COVID-19, consumers have adapted common technology features designed for convenience,” states McAfee, a leading cybersecurity company, in its 2021 Consumer Security Mindset Report.
“But with the increase in activities online, consumers are potentially exposed to more cyber threats,” the report notes, “plus there is a discrepancy between consumers’ perceptions and actions when it comes to cybersecurity.”
In fact, about two-thirds (66%) of those surveyed said they’re “concerned” about today’s cyber risks – while online shopping, banking, and using social media – yet nearly 1 in 3 (29%) admitted they are “not confident” in their ability to prevent a cyber-attack.
Interestingly, the report also found U.S. households today have an average of 7.8 internet-connected devices – from mobile phones and tablets to computers, Smart TVs and smart speakers.
Given that October is Cybersecurity Awareness Month, here are five quick tips to protecting yourself ahead of the busy online shopping season.
Here’s a quick checklist:
1. Change your passwords already
Easy passwords can be easily cracked by cybercriminals. Resist using names of your kids or pets, or birthdays (or a combination of them).
Plus, it can be difficult to know if someone else is using your account, so you can reduce the risk by changing your password every so often (maybe every 60 to 90 days).
I once heard a funny – but clever – way to think about passwords:
“Passwords are like underwear: Change them often, don’t share them, and don’t leave them lying around.”
Also, never use the same password for all your online activity, because if a service is hacked and your password is exposed, cybercriminals may try it on another account. Out of laziness, many people use the same password for everything.
A trusted password manager app is a smart solution to using strong and different passwords for various shopping sites and other online activity.
Some cybersecurity experts say a “passphrase” is even better than a password (and easier to remember). A passphrase is a string of words, which might include numbers and symbols, too, such as “[email protected]#1!”
2. Turn on two-factor authentication
Speaking of passwords, you can make it much harder for cybercriminals by adding a second layer of defense to your online accounts, like shopping, banking, and cloud storage accounts.
Called “two-factor authentication” (or “2FA,” for short), it’s highly recommended to ensure only you are logging on.
2FA means you need to enter not only a password (or use a “biometrics” solution, such as a fingerprint or facial scan) to assure that only you can access your accounts, but also a one-time code that’s sent to your mobile phone.
In other words, 2FA combines something you know (password) with something you have (smartphone).
►Heads up: Don’t always use your phone number for two-factor authentication
3. Use good anti-malware, VPNs, and update everything
While it used to be referred to as “antivirus” software, remember to install reputable “anti-malware” (short for “malicious software”) – as it’s not just viruses you need to be concerned about, but also spyware, ransomware, worms, rootkits, and Trojan horses.
Updated annually, such as McAfee Total Protection (from $29.99/year), anti-malware software can identify, quarantine, delete and report any suspicious activity. Good cybersecurity software will automatically update itself with protection against the latest threats – but don’t forget to renew when it’s time, so you’re protected against the latest threats.
Sometimes included in your cybersecurity suite, a virtual private network (VPN) is also a good idea to use when online as it conceals your online whereabouts from those who profit from tracking your activity.
On a related note, set your software (including operating systems) to automatically update, if possible, so you don’t have to remember to do so.
Also update your hardware, such as a wireless router and printer.
► Why college students need to use a VPN: And how to pick the right one
4. Common sense prevails
While software can help, it’s important to be on guard against the myriad of threats out there.
Chances are you often receive authentic-looking emails and text messages from (what appears to be) your bank, favorite shopping site or the IRS, and it asks you to urgently click on a link to verify your info.
While it may look legitimate, this is a “phishing” scam, where a person (or program) tries to lure you into giving out personal info, such as a bank account or credit card number, social security number or passwords, with the intent to steal your identity for financial gain.
Know that organizations will never ask you to urgently confirm financial details in this manner.
When in doubt, contact the institution based on a phone number or email address you already have for them (and not one included in the message you received).
5. Back up your info
No one thinks they’ll be hit with a cyberattack, so most of us are reactive rather than proactive when it comes to protection.
But if you’re going to do at least one thing, it’s to back up your important computer files on a regular basis – just in case.
► Computer storage: How to know which style and size are right for you
This can be handled automatically, thanks to the many free scheduled backup programs available today, or manually, where it’s up to you to select which files to backup – say, in Windows Explorer (on a PC) or Finder (on a Mac) – and then copy them to an external hard drive, solid state drive (SSD), or USB thumbstick, or perhaps uploaded to a cloud account.
As the proverb goes, an ounce of prevention is worth a pound of cure.