The holidays are, above all, a time of extreme abundance. From the volume of booze and treats consumed to the money we collectively blow or humanity’s carbon footprint, if you can plot it on a horizontal axis, chances are it would start sloping upward pretty dramatically right about now.
Cybersecurity threats are no exception. Like so many things, the risks to our online safety and privacy are about to proliferate as the holiday shopping frenzy begins. From bogus e-commerce sites, fake WiFi networks, and charity scams to sophisticated ransomware and phishing attacks, the internet is already a minefield of threats waiting to suck up our sensitive data. As the holiday shopping season begins and millions of us log on and whip out our credit cards—likely in even greater numbers this year, thanks to coronavirus—there will be an ever-greater number of cyberthreats to look out for.
Fortunately, there are plenty of relatively straight-forward tools and digital habits we can all employ to keep our data safe and ensure a nightmare-free holiday season.
Some of the most nefarious of these holiday cybersecurity traps come from an all-too-familiar place: public WiFi networks. Whether you’re connecting to WiFi in a shopping mall or the always hard-to-resist free airport internet, experts say it’s these innocent-looking public WiFi networks that pose the greatest risks to our data and digital well-being.
“It’s the easiest thing in the world to set up fake WiFi hotspots,” says Cian McKenna-Charley of VPN service company Private Internet Access. “It’s then very easy to intercept a conversation and pose some fake questions, like what your mother’s maiden name is. They use that information to get at your bank details. It’s extraordinarily easy to do.”
This sort of targeted data-phishing attack isn’t the only security risk of using public WiFi networks. By virtue of the way WiFi connectivity works, just connecting to these unprotected networks out in the wild can expose your IP address and all kinds of other personal info that gets passed along in the data “packets” that flow between the network router and your phone or laptop.
Of course, the easiest way to prevent such data leaks is to avoid unprotected public WiFi networks entirely. And while this is very sound—and not uncommon—cybersecurity advice, it’s also sometimes way too easy to ignore. Sometimes, our phones can connect to these networks automatically without us even realizing it. Other times, we’re just too desperate for a half-decent internet connection to abide by the office IT guy in our head. So we connect to “Free Public WiFi” and go about our business.
Another option for evading WiFi snoopers is to use a VPN like Private Internet Access on your device, which isn’t a bad idea for living a more secure, private online life in general.
“When you use your mobile phone to connect to public WiFi, an electronic handshake happens,” explains McKenna-Charley. “With a VPN, that connection gets encrypted with an encryption protocol. It effectively creates a tunnel so that nobody else can intercept or see the traffic.”
While they’re commonly associated with corporate IT departments and doing things like remotely connecting to a server at the office, VPN (or virtual private network) technology is also an incredibly useful security tool for everyday web-surfing and internet usage. Of course, that’s especially true for more sensitive activities like connecting to public WiFi or pretty much anything having to do with money. “If you’re engaging with an online bank, you should always have a VPN on,” McKenna-Charley advises.
It’s not just about preventing data leaks and other security risks, McKenna-Charley points out. By masking your device’s IP address and encrypting data, VPNs also simply make using the internet a more private, anonymous affair.
“Would you necessarily want your internet service provider to know every time you went onto PornHub?” says McKenna-Charley. “Probably not. But some people don’t mind.”
Locking Down Your Devices and Personal Data
Another step toward a secure digital existence is locking all your shit down, starting with the devices you use. This doesn’t just mean using strong alphanumeric passwords and passcodes on every laptop, phone, or tablet you use to access the internet or do anything important (which you totally are), but also taking things up a notch when it comes to access and authentication.
Multi-factor authentication is something you should be using everywhere. Your smartphone, your email account, bank and most of the gadget and online services you use have an option to enable two-factor or multi-factor authentication so there’s an extra layer of security every time anyone tries to access your device. In its simplest and most common form, multi-factor authentication is the thing that sends a random six-digit number to your phone when you’re trying to access your bank account on a laptop. It can also use a USB dongle or some other physical “key” or use biometric security options like your fingerprint or facial recognition. However fancy and sci-fi you do or don’t care to get, just make sure this feature is turned on everywhere the option exists.
Using a password manager is another way to bolster the security of your online existence. Apps like 1Password and Dashlane are a godsend because they not only let you store and sync all of your various passwords for countless websites across however many devices you use—but they’ll also force you to use super-strong, indecipherable passwords rather than just making it your dog’s name and then having your life and financial well-being destroyed by an easily-preventable identity theft scam.
Use Encryption Everywhere, Always
One of the key features of VPN software is data encryption, which is great for browsing the web privately and anonymously. But encryption isn’t just a VPN thing. It’s a priceless, security-enhancing technology that you should use whenever and wherever you can.
Encryption is a method of encoding and scrambling data to make it impossible for a third party to see or make any sense of it. This is what secure messaging apps like Signal and Telegram use to keep people’s messages truly private. You can encrypt the data on your laptop hard drive or mobile device to keep it safer from prying eyes.
Anytime you have the option to encrypt your communications, payments, or web browsing, it’s worth doing. Seeing “https” in front of a website’s URL in your web browser is typically a good sign that any data sent to or from that site will be encrypted. Of course, when in doubt, you can always connect with a VPN to scramble and obscure the ones and zeros flowing wirelessly to and from your device.