8 Steps To Secure Shopping Online

The Cookie Monster

This Cyber Monday & in the run up to the festive season many of us will be getting ready to buy online.

We would never leave our home without locking the front door to keep our valuables safe.  So why would we not protect our personal data and be mindful of its value when we are browsing and shopping online?

Cyber security global leader Kaspersky Lab has put together a short video called “The Data Dollar Store” that reveals the lack of value that some shoppers put on their personal data.  It is a thought-provoking piece that will hopefully make us all stop and think before giving our personal data away for free the next time that we go online.

Take Steps

However, there are lots of ways that we humans can take ownership and take concrete steps to protect our own data, which cost us nothing or next-to-nothing!

So, before you get online and go shopping, here are eight tips to keep you and your valuable personal and financial data secure.

  1. Web Browser: savvy online shoppers use incognito mode

Lots of airlines are running Cyber Monday sales and many of us now use incognito mode to book flights online.  Have you ever noticed that a flight price has changed after searching it a few times in your browser? Based on the cookies in your browser, flight prices do go up when a particular route is repeatedly searched.  The site wants to frighten you into booking the flight quickly before prices get even higher. If you search for flights in incognito or private browsing mode, the cookie will not be able to track you and you will be able to see the lowest prices.

However, even if you are already using incognito mode (or any other browser’s private modes) note that the following parties will still be able to snoop in on your network activity:

  • Internet service providers
  • System administrators in charge of the network at your school, workplace, or wherever you get online
  • Google, or whoever made your browser

If you want reasonably private browsing (as no system can ever be 100% secure), you could think about using Tor.

  1. Browse in private with Tor

Tor stands for “The Onion Router”. It uses multiple onion-like layers to mask network activity. It’s free, open source and easy to use.

  1. Mobile Phone: Turn on your phone’s password protection

Thumbprint ID is better than nothing, but it’s often not sufficient – you can’t change your thumbprint if an attacker ever gets hold of your mobile.

Thumbs down to Thumb Prints?

An attacker usually gets ten tries before a phone will completely lock them out. So, if your four-digit password is one of these common ones, you should change it ASAP: 1234; 9999; 1111; 3333; 0000; 5555; 1212; 6666; 7777; 1122; 1004; 1313; 2000; 8888; 4444; 4321; 2222; 2001; 6969; 1010

  1. Password: Use different passwords for each service

Don’t use the same password in more than one place. Pick a strong password.

A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Avoid obvious dictionary words and combinations of dictionary words. Any word on its own is bad.

Use a Strong Password

Think about using a password manager to save you trying to remember your passwords – or maybe go old school – buy a small hardback copy book and record all of your passwords in this – as a hard copy it is technically “unhackable”. (Just don’t lose it!)

  1. Texting: Send encrypted text messages

Signal & Telegram are popular free, private messaging services. You can do all the things you would normally do through text messages, like have group messages and send photos and videos. Except that everything’s encrypted.

  1. Email: Use two-factor authentication on your inbox

Did you know that if your email inbox is compromised an attacker can not only read your emails, they can also use it to reset your passwords for social media accounts, bank accounts – and a whole lot more?

So, improve your personal security by turning on two-factor authentication on your inbox.

Two-factor authentication adds a second layer of security when signing into your email account. It usually involves receiving a phone call or text message with a special code whenever you sign into your account.

If you use Gmail, you can activate two-factor authentication here.

  1. PC: Encrypting your hard drive

Did you know that Windows and MacOS both have built-in full-disk encryption? The user just needs to turn it on.

  1. Search Engine: Search in private

If you don’t want to install Tor you can still search privately using DuckDuckGo, the search engine that does not track you.

DuckDuckGo isn’t as sophisticated as Google (it just does not have the same engineer resources), but it has a handy little a shortcut to enable you to get encrypted Google searches whenever you need them. How? You just need to prefix your search with !google.

Happy Online Shopping!

Happy online shopping to you all – and don’t forget to check out our very own Cyber Monday deals!