5 Ways to Stay Safe Online on Black Friday, Cyber Monday

Thanksgiving is just around the corner in the U.S., and so are Black Friday and Cyber Monday, two of the busiest shopping days of the year. It's also a peak period for malware, phishing and spam. Since employees are increasingly using their own devices to access corporate resources (or simply using a work PC to sneak in a little shopping on Cyber Monday), it's a good idea to share some best practices with your users to help protect them and your network from threats.

"You could tell them no," says Bob Bunge, professor of Cyber Security in the College of Engineering and Information Sciences at DeVry University. "In some circumstances, that's absolutely what you should be telling them. Don't use the office network for retail. It's just a bad idea, period. It's a lousy, bad thing to do."

However, employees often don't perceive the security threat as acutely as IT managers do, so a few pointers on keeping safe are a good idea. After all, shopping sites are among the top malware-infected sites on the Web, according to Symantec.

Five Best Practices to Stay Safe Online

When it comes to dodging malware and phishing attacks, there are a few simple things you can watch for on shopping sites to help keep you safe:

Look for HTTPS and/or a padlock in the address bar before submitting personal information on a website. This is a sign that the site is using the SSL/TLS cryptographic protocol to secure your communications with the website in question. This helps protect against man-in-the-middle attacks that allow an attacker to intercept your communications with the site and inject new ones.

Look for your browser address bar to light up green. This is an indication that the identity of the website you're visiting has been strictly validated with an Extended Validation Certificate. In other words, you really are at the website of the merchant you're trying to shop with rather than a fake site created by a malicious attacker to fool you into sharing personal information.

Look for a trust seal. Many merchant websites bear trust seals, usually at the bottom of the home page or on pages where you are asked to provide personal information. They come in many different shapes, sizes and colors and are used to verify a number of different claims about a website, from its use of data encryption to its status as a legitimate business entity. For instance, the TRUSTe seal is a privacy seal that indicates TRUSTe has reviewed the site's privacy policy, while the Verisign Trust Seal verifies the identity of a website's owner and operator and that the site is subject to daily malware scans and uses verified data encryption. Scammers can forge a legitimate seal, so you should always verify a trust seal's authenticity by clicking on it and checking the seal's validation page.

If an offer in an online ad or email sounds too good to be true, avoid it. These are often lures to infect you with malware or gather your personal information. "If it sounds scammy, it's probably scammy," Bunge says. "If I had to cut a large IT security training program into just a paragraph or so, probably the first thing I'd say is 'Don't click on that link!' The whole phishing industry nowadays is based on finding ever more creative ways to get you to click on some link."

Use good passwords. Pay attention to the passwords for your email, social networking and online banking accounts. Don't use the same one for everything. "Add up the asset value of everything in the world you have attached to that password," Bunge says. "All your email, all your online storage, all your credit cards and bank accounts - that's an awful lot of asset attached to just one password." Symantec recommends you use passwords that are at least eight characters, a random mixture of upper and lower case characters (including numbers, punctuation and symbols) and are not found in the dictionary. Additionally, never use the same password twice and change your passwords every six months.

"My main advice to consumers is to get yourself simple, reliable routines," Bunge says. "Find three, four or five online merchants that you trust and stick to known commodities. If you do want to branch out and surf the general Internet and try some merchants you haven't worked with before, do some research. Put the name of the merchant in a search engine and see how often 'fraud' or 'rip off' pop up."
