One man, sitting indoors surrounded by computers, hacking crime is in motion, rear view.
By Emily Long / December 22, 2017 5:00 am

You won the holidays this year. You picked out the perfect gifts for your family members, finished (most) of your shopping early, and found amazing deals. You even think there might be a smart home hub under the tree with your name on it.

But wait. There’s a strange charge on your credit card statement and a device connected to your home Wi-Fi that doesn’t belong to you. Nothing ruins the holidays like having your personal information hacked — not even the in-laws who overstay their welcome. Here’s how you can keep yourself and your family secure all year long.

Change your passwords — right now

Updating the password for every single one of your online accounts, from your bank to Amazon, as well as your smart devices, is perhaps the single most important step you can take right now. Weak passwords leave the door to your data and your smart devices wide open. A recent report from Verizon Enterprise found that 81% of hacking-related breaches in 2016 involved stolen or weak passwords — shockingly, “123456” and “password” are still commonly used, and easily guessed, passwords for online logins. In addition, an entire batch of smart home products may use the same simple default password, and cyber criminals know this.

“Hackers and cyber thieves usually follow the path of least resistance to break in,” says Keeper Security CEO Darren Guccione.

Adhere to basic password hygiene principles to protect your accounts, wireless routers, and smart gadgets, and use a password manager app to keep track of your logins. Some experts suggest updating passwords as often as once a month.

Spot fake websites

The holidays are peak season for cybercriminals because online purchases spike and consumers are looking for the best deals. This means that it’s easier for scammers to create fake websites that fool shoppers into entering their sensitive information, which is then used for illicit activities. If a deal looks too good to be true, it probably is. Security experts suggest being on high alert and knowing how to spot the signs.

“If you can’t communicate securely with the shopping site, then all of the information you send or receive could be intercepted along the way,” says Bryan Parno, a researcher at Carnegie Mellon’s CyLab Security and Privacy Institute. “That means your username and password, the items you look at, your credit card information, everything.”

To start, look for the HTTPS and padlock icon in your browser address bar. If you clicked a link to arrive at your destination, check to make sure the URL matches the site or company name — scammers can fool shoppers with sites that look just like the site you expect but whose domain names are a letter off. Don’t click on ads. Instead, search the product or company directly in Google. If you can’t find a social media presence or don’t see any positive reviews of the company — or any reviews at all — use caution before buying.

Use secure Wi-Fi

It’s easy to make one-click purchases from your phone when you’re out and about, but security experts caution against transmitting any personal information when connected to unsecured public Wi-Fi. Hackers can create spoofed networks or intercept your data, so if you can avoid shopping on your mobile devices, including phones, watches, and tablets, outside your home, do. Also, skip out on public computers and any devices you don’t know you can trust.

Check out as a guest

Don’t save credit card numbers, billing information, and other personal data online unless you have to. Storing it for future purchases is fast, but it also leaves your information in yet another system at risk for hacks. Use the guest checkout option or, when available, an external system like PayPal instead.

Keep records and receipts

During peak shopping season, check your receipts against your credit and debit statements every day. Look for transactions you don’t recognize as well as small, unexpected authorization charges. These may indicate that someone is testing out your stolen information before making a big purchase, says Andrew Bycroft, CEO of The Security Artist. Many credit card companies provide fraud protection, which means they will put a hold on your account and notify you if unusual activity is detected as well as release you from liability for charges you didn’t make.

Use one credit card for all online purchases

Bycroft adds that one big step to limit your exposure is to have a separate account or card used solely for online shopping. He suggests opening a debit account and depositing a set amount of cash, getting a credit card with a spending limit, or purchasing prepaid cards. If any of these are compromised, the amount of money and information cybercriminals can access is limited. This may also help you stick with a budget.

Don’t buy gift cards online

A gift card may be the perfect present for your hard-to-shop-for uncle or cousin, but not if it comes empty. Scammers may try to sell or auction gift cards for reputable stores that don’t hold any actual value. Purchase gift cards, both physical and digital, directly from the retailer.

Sign up for identity theft protection and monitoring

It’s nearly impossible for the average consumer to monitor all the places personal data can be found online. Identity theft protection services can track not only your credit and financial accounts, but also court records, databases, blogs, and black market websites. You’ll receive mobile alerts if your personal information has been compromised, and some services offer insurance, recovery assistance, and 24/7 customer support in case your data is hacked.

Separate your smart devices

The Internet of Things (IoT) has exploded, and forecasts suggest that 8.4 billion connected devices will be in operation by the end of this year. Use all of those smart home gadgets you receive this holiday season on a separate Wi-Fi network from your computer, smartphone, and devices that contain your personal data. You can also track devices that connect to your network and remove any suspicious ones.

Smart devices with audio or on-demand talk controls — Google Home and Amazon Echo, for example — are almost always listening, so turn them off when you don’t want to be overheard or shut them away in a closet or another room. Cover camera lenses when they aren’t in use.

Purchase name brands and update regularly

Don’t skimp on smart devices. Only buy name-brand products from reputable retailers you trust. Ken Mai, a senior systems scientist at Carnegie Mellon, cautions that discounted tech may be counterfeit and pose a security risk, as can products from third-party sellers. If your smart devices can run security software, install it. Always download manufacturer-recommended updates as soon as they are available, as these often address security flaws. Finally, if you sell or recycle smart gadgets, do a factory reset or a secure erase to delete your data.

Use common sense

Many security risks that come with shopping online and using smart devices can be mitigated with some basic critical thinking and a little bit of research.

“Actually understand what you are doing and why you are doing it,” says cyber expert and Curricula CEO Nick Santora. “For example, if you stumble across a random website selling cheap items, think why is this? How did I get here? Do they have a reputation?”

“Basically, you are using your judgment to research, call, and engage with any business prior to making a purchase,” he adds. “Without going through this type of research, you are opening yourself up to another attack.”