Staying Cyber Safe on Christmas

As Christmas is just around the corner, making sure we’re all staying cyber-safe is immensely important. In this blog, we will walk you through the things you need to do to ensure the security of yourself, your devices, and your closest ones on the holidays.

Things to Consider

First off, cyber security and safety is not the same to all people. While some people may consider being “cyber safe” if they use a password manager to log in to websites while Christmas shopping, some may understand cyber safety differently – managers of software teams would be most concerned about keeping their employees informed about the threats that they might face when working, security engineers would be concerned about the software going down, keeping software up to date, and ensuring the integrity of backups, etc.

We will go through the list of things that are important to different people.

Christmas Cyber Safety for Shoppers

Most of us that aren’t in the cyber security industry, think about cyber security as a way to protect ourselves from malicious parties when performing Christmas shopping. Here are a couple of tips to help protect yourself and your most precious data when doing so:

• Prepare a list of websites you will be shopping on beforehand. Aside from checking on the delivery dates of certain items and their prices, check whether the website is being used by many people (i.e. whether it’s trusted), and on its basic security measures – whether it’s using SSL (you should see a padlock near the URL), whether it’s design is pleasurable to the eye (good design is usually a very good indicator of the website’s performance in other areas), and if possible, take a look at the website’s ratings on TrustPilot.
• If you receive suspicious-looking SMS or email messages (messages like “click here if you want to upgrade X”, “click here for a discount when shopping for X on Christmas, etc.”), it’s best to ignore them. Be aware of phishing – phishing campaigns usually become stronger around the holidays and tend to die down afterwards.
• If you must create an account to buy a product, ensure that the password for the account is unique (password managers help with this immensely), and you might also want to consider signing up with an email that looks something like “youremail+websitename” to filter out all of the emails coming from the shop in your email inbox. Signing up with such an email alias routs all of the emails to “youremail”, but since you’ve signed up with the “+websitename” added to your email address, you will know from where the possible spam is coming from. Easy and useful!

Christmas Cyber Safety for Software Engineers

Software engineers usually look at cyber security from a different perspective, and that’s understandable – after all, working with software is their day-to-day job. Many software engineers would probably already have a couple of plugins running within their browser to stay safe, some of them might be aware of the capabilities provided by password managers and use them to generate secure passwords when shopping, some of them may be aware of data leaks and data breaches that have impacted them in the past – as such, providing advice to them is a little different than providing it to cyber-unaware shoppers.

Many software engineers, as well as cyber security professionals, turn their gaze towards cyber security-enhancing tools such as 1Password or LastPass for password management, proxy and VPN solutions to hide their IP address for anonymity and security when shopping, and the BreachDirectory data breach search engine and API capability to better protect their data in the future. Such tools help them shoot a couple of rabbits with one shot:

• Password managers like 1Password, LastPass, and the like help them generate strong and secure passwords when buying items for their loved ones.
• By making use of VPN solutions, they are able to purchase items on open, unsecured VPN networks (that may be an option if all other Wi-Fi networks are with a password) and make use of the benefits provided by VPN networks as well as keep being anonymous if that’s important to them.
• Data breach search engines like the one provided by BreachDirectory help them figure out whether they’re at risk of identity theft and if so, provide them with valuable advice in regard to what they should do next. Such data breach engines are also able to inform people once their account appears in a data breach in the future and suggest when people should change their passwords.
• Data breach search engine API solutions like the BreachDirectory API help individuals, universities, and companies better secure their applications and projects by providing a venue to conduct OSINT operations. By utilizing the data found in data leaks and data breaches, people can be more easily informed about the threats posed to their applications and improve their security stance.

Christmas Cyber Safety for Security Engineers

Security engineers are in a very similar line of work to that of software developers – to stay cyber-safe during Christmas, most of them also employ software solutions that help them shop safely (password managers and VPN solutions come into mind), but the whole picture looks different to them as they tend to look deeper. Aside from the aforementioned things, they also look at the following aspects:

• Phishing – many security engineers have plugins within their browsers or have configured their email clients in such a way that detects and informs them about a possible phishing message. As cyber experts are knowledgeable about the things happening in the industry, they also educate themselves on the types of phishing (general phishing, spear phishing, whaling, etc.) and most of them also know how to act in certain scenarios. As such, more frequent phishing campaigns during Christmas time don’t bother them very much – they either ignore emails, calls, and messages that look suspicious, or know how to act to not fall victim to attacks.
• Ransomware – every security engineer knows what ransomware can do, so they keep their computers and servers updated in order to not fall victim to ransomware attacks now or in the future. Protection from ransomware is especially important around Christmas – there are many applications that aim to infect computers and servers, lock up their data and demand a ransom, and since people are being asked to pay with bitcoin (BTC) or other cryptocurrencies, attackers are usually able to remain anonymous and there are no guarantees that the data will be unlocked after payment.
• Human error – most security engineers working at good companies are tasked with issuing monthly, quarterly, or annual security updates to other team members, meaning that they prepare cyber security training for other, less cyber-experienced colleagues within the company, ensure that the code of the application is strenuously tested, protected with a firewall and can withstand attacks, and do other things to avoid human error. As such, they’re well prepared to respond to cyber attacks targeting them – and avoid human errors as a result.

Christmas Cyber Safety for Managers and Other People

Those who manage software, marketing, or other teams within a company generally are also well-versed in a couple of cyber-security concepts. In many cases, their knowledge is sufficient to protect against basic threats in cyberspace, but they might need some guidance when protecting themselves during Christmas time. While phishing might be familiar to the majority of managers within a wide sphere of companies, not all managers might be aware of the multiple types of phishing that can target a company, etc.

Same with people not falling in any of the aforementioned categories – as such, it’s recommended that they follow the latest developments in cyberspace, install a couple of privacy-preserving plugins into their browsers, and follow the advice given to them by security professionals. Making use of data breach search engines such as the one provided by BreachDirectory will also help them immensely.

Summary

In this blog, we have walked you through a couple of measures that you can employ to stay safe around Christmas time. The holidays are full of cheer – don’t let cybercriminals take it away from you! We hope that this blog post has provided you with some valuable information that you can employ to stay safe, stay around the blog for more information on combatting cybercrime, and until next time!