The holiday season is here! It’s time for my annual cybersecurity reminder!
Before we bask in the warm glow of the holidays, let’s talk about security and how to protect yourself on travel and from scams and malware.
Holiday Traveling with Personal Internet-Enabled Devices
Know the risks –
Your smartphone, tablet, or other device is a full-fledged computer. It is susceptible to risks inherent in online transactions. When shopping, banking, or sharing personal information online, take the same precautions with your smartphone or other devices that you do with your personal computer — and then some. Its portability and mobility mean that you should also take precautions for the physical security of your device and consider the way you are accessing the internet.
Do not use public Wi-Fi networks – I know this is harsh, but seriously…
Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction.
If you must check your bank balance or make an online purchase while you are traveling, turn off your device’s Wi-Fi connection and use your mobile device’s cellular data internet connection instead of making the transaction over an unsecured Wi-Fi network.
Another possibility: Use a VPN.
Do not use Hotel Computer Centers –
Avoid using hotel-provided computers and printers. If it’s unavoidable, please do not save your username and passwords to the browser, delete any temp files and internet cached info.
Turn off Bluetooth when not in use –
Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cybercriminals have the capability to pair with your phone’s open Bluetooth connection when you are not using it and steal personal information.
Be cautious when charging –
Avoid connecting your mobile device to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways that a user may not anticipate. As a result, a malicious computer could gain access to your sensitive data or install new software.
Don’t fall victim to phishing scams –
If you are in shopping mode, an email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks too good to be true, or the link in the email or attachment to the text seems suspicious, do not click on it! Use your bookmarked link or google the URL. Do an internet search on the offers or emails to see if they are legit.
Passwords and Two-Factor Authentication
– Set up 2FA preferably using an authentication app or token like Yubikey. SMS is better than nothing but not perfect. Set up a passcode on your mobile account to prevent unauthorized porting of your phone number so thieves cannot intercept your text messages.
– Do NOT reuse passwords. Make them complicated with a mix of upper and lower case letters, symbols, and numbers. Don’t use words found in dictionaries. Consider using a password manager.
– Lie on all your security questions and remember your lies!
– Do not take FB quizzes that can be used for data mining.
What to do if your accounts are compromised –
If you notice that one of your online accounts has been hacked, call the bank, store, or credit card company that owns your account. Reporting fraud in a timely manner helps minimize the impact and lessens your personal liability. It would help if you also changed your account passwords for any online services associated with your mobile device using a different computer that you control. If you are the victim of identity theft, additional information is available from https://www.idtheft.gov/ .
What to do if you lose a device –
Wipe it remotely.
– For iOS, https://support.apple.com/kb/ph2701?locale=en_US and use Find My iPhone to erase it.
– For Android, https://support.google.com/accounts/answer/6160491?hl=en
– I bet some of my FI friends still have a Windows phone, so…
For Windows, log into OWA and look for mobile devices in settings to erase it. https://support.microsoft.com/en-us/help/2791863/how-to-use-outlook-web-app-to-remotely-wipe-an-activesync-device-in-of
Holiday Scams and Malware Campaigns
As the holidays approach, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identity theft, or financial loss.
CISA recommends the following actions:
· Use caution when browsing the internet, shopping online, and using email.
· Avoid clicking on links or opening attachments in unsolicited emails.
· Be wary of fraudulent social media pleas, calls, texts, websites, and door-to-door solicitations for donations to charities.
If you believe you are a victim of a scam or malware campaign, consider the following actions:
· Contact your financial institution immediately, and close any accounts that may have been compromised. Watch for any unexplainable charges to your accounts.
· Immediately change any passwords you might have revealed. Avoid reusing passwords.
· Report the attack to the police, and file reports with the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.
