6 Holiday Tips to Stay Safe When Browsing Online

Dec 6, 2016

As 2016 draws to a close, and the holiday rush of online shopping is in full swing, I thought it would be a great time to recap some tips to stay safe online. No one should have to deal with the painful aftermath of a compromised online account.

1) Use different passwords. Seriously.

With the unfortunate continued database dumps of private information being released, passwords will be leaked. Imagine if you use the same password on your bank website as you do on a social network. Exact passwords on multiple websites allow attackers to pivot attacks to multiple services after “owning” one of them. This can be simply avoided by using different passwords, but I know this is difficult to do. This gives rise to password managers, which securely generate a random password for each service and remember them for you. My favorite is 1Password, which, leveraged with Dropbox, keeps my password vault synced no matter where I go.

2) Look for the lock icon.

Online shopping is here to stay, but steps have to be taken when entering information online to ensure your data entered is safe. Web browsers have made this easier by placing a lock (sometimes green depending on the certificate) on sites that are secure. This means that information sent between you and the website is secured during transit. Look for this icon before you enter any credit card information.

browser online lock icon screen-shot-2016-12-02-at-4-54-54-pm screen-shot-2016-12-02-at-4-55-03-pm

3) Updates aren’t always bad.

People regularly ask me why they should update their software if nothing is wrong. This is especially the case if updates tend to change software that users have become accustomed to using. Some users will start to avoid updates entirely as the perceived problems are greater than the perceived benefits. Security is an ever evolving beast, so staying up to date on software ensures that you are protected. Not updating software makes you an easy target, regardless of how securely you act. Don’t ignore that Java update anymore!

4) Don’t blindly click links from emails.

Any company emailing you asking you to verify information is already suspicious as hell, but we can learn a trick right now. This is a link to google.com, notice the hyperlink means it is clickable. Hover your mouse over that link and in the bottom left corner of your screen you should see the location this link is going. Watch how easily I can trick you. This is another link google.com which appears to be going to Google, but it isn’t. Hover your mouse over that link, and you will see it actually redirects you to Yahoo.

This trick is used in phishing emails all the time. The URL may appear to be from a reputable familiar site, but in fact you are being redirected to a fake site that looks almost the same as the intended site. Don’t fall for these tricks. These emails should be in your trash.

5) Trust your instincts. Friends & family are fine.

A common tactic after taking control of an email account is to spam an email to the entire address box of the victim. The email might be a story about how the victim is lost in a foreign country without a passport and needs some money. There are so many variations of these emails, but read the email carefully and you should notice the grammar doesn’t match that of your friend and something just doesn’t feel right. A simple call/text to your friend can confirm this. Their account has more than likely been hacked, so do not fall for anything they are asking for.

6) Two-factor authentication is very helpful.

As mentioned earlier in this post, passwords are constantly being leaked. Thankfully popular sites offer what’s called “2 Factor Authentication.” As the name suggests, in addition to a password you require a secondary code that is usually generated/sent to your mobile phone. This 2nd layer of protection ensures that even if someone obtains your password (whether your fault or not), you have a 2nd line of defense for protecting accounts you care about.

 

Those were just a few tips, but I’ll leave you with a funny comic depicting the evolution of passwords. Thanks to xkcd.

password safe security comic - xkcd

RECENT POSTS

The Agile Manifesto in Practice: Part 1

The Agile Manifesto in Practice: Part 1

  How Sourcetoad Values People Over Process The software development process can involve a lot of uncertainty for both development teams and clients alike, especially in the early phases of a project. How can the long-term vision of an application be balanced...

What to Consider When Building HIPAA-Compliant Software

What to Consider When Building HIPAA-Compliant Software

In 1999, the Department of Health and Human Services (HHS) passed the Health Insurance Portability and Accountability Act (HIPAA) as a measure to protect personal health information (PHI) and allow people control of their healthcare records. The HITECH Act was enacted...

The Evolution of Buy Now, Pay Later in eCommerce: Part 2

The Evolution of Buy Now, Pay Later in eCommerce: Part 2

In Part 1, we talked about the rapid growth of Buy Now, Pay Later (BNPL) and discussed its expansion across industries. In Part 2, we will consider how impending regulation may shake up the short-term lending space.   Impending Regulation of BNPL While consumers...