Introduction
The holidays are a busy time of year – buying gifts online, making travel arrangements and wanting to give back to charitable organizations.
It’s also a busy time for cybercriminals who are trying to take advantage of you.
But you can fight back against thieves and better protect your personal information.
- Think twice before clicking on links or attachments
- Shop at well-known companies, and research ones you’re not familiar with
- Look for https (not http) in the address bar
- Sign up for text alerts from your credit card company and bank
- Check your credit card and bank statements regularly
Holiday Cybersecurity Tips
Shopping
- Keep a clean machine. Before picking out that perfect gift, be sure that all internet-connected devices ‒ including PCs, smartphones and tablets ‒ are free from malware and infections by running only the most current versions of software, web browsers and other apps.
- Use secure Wi-Fi. Using free public Wi-Fi to shop online while at your favorite coffee shop is tremendously convenient, but it is not cyber safe. Don’t make purchases while connected to public Wi-Fi; instead, use a virtual private network (VPN) or your phone as a hotspot.
- Lock down your login. Create long and unique passphrases for all accounts and use multi-factor authentication wherever possible. Multi-factor authentication will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-timecode sent to your phone or mobile device.
- Resist the urge. Be wary of offers too good to be true – no matter how tempting they might be. Buy only from trusted and established online retailers and avoid websites of retailers you’ve never heard of.
- Think before you click. Pay attention to emails you receive. Don’t open emails from unknown senders or click on links in suspicious messages.
- Shop securely. Not only should you make sure your internet connection is secure. Check to make sure you’re shopping on a site that uses SSL protection. The easiest way to tell is to check your browser’s address bar. Look for https is the URL. Sites without the s are not safe to submit payment information or other personal details.
- Pay wisely. Use a credit card or pre-paid debit card instead of a debit card linked to your bank account. Or, use a reliable, established third-party payment service, such as Google Pay, Apple Pay or PayPal.
- Monitor your accounts. Check your online financial accounts regularly for suspicious spending. Also, take advantage of text and email alerting services that many banks and credit card companies now offer.
Giving
Online thieves know the holidays spark the desire to give back, making charity donations a hot target.
- Do your research first. Never feel pressured to give on the spot. Visit the website of the Internal Revenue Service to learn more about what types of organizations can get tax-deductible donations. Also, use other online resources, such as Charity Navigator, CharityWatch or GiveWell, to learn about charities and how they spend the money they receive. money.
- Ignore unsolicited requests. Be wary of emails and phone calls asking for donations, especially from organizations unfamiliar to you. If you want to donate, visit their websites directly or call to donate.
- Think before you pay. Never wire money or send cash. When writing a check, make it payable to the organization or pay via credit card. If you donate online, make sure the website is secure by looking for the s in https at the beginning of the URL.
- Doublecheck the website. Check website URLs carefully since cybercriminals often create websites and names that are very similar to legitimate, reputable organizations. Check the spelling of the organization's name and the URL very closely for discrepancies.
Traveling
No one is exempt from the threat of cybercrime, at home or on the go, but you can follow these simple tips to stay safe online when traveling.
- Avoid free Wi-Fi. Although connecting to free public Wi-Fi sounds great, it is often unsecure and can expose your devices and personal information to hackers. Instead, use a VPN or your mobile phone as a hotspot when going online.
- Confirm your network. If you do connect to public Wi-Fi, be sure to confirm the name the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
- Disable auto-connect on your devices. If your mobile phone or table automatically connect to wireless networks or Bluetooth devices, disable those features and connect manually only when you want to.
Additional Resources
A security incident is a threat or possible compromise involving non-public institutional data. Non-public data is any data that is not posted on a website or made public on a regular basis through reports and other means.
If you have experienced what you think is a possible security incident you must report it immediately by following the link to Report a Security Incident.