MSPs go above and beyond to provide cybersecurity advice for their clients’ businesses throughout the year. As their client’s trusted advisors, MSPs are in a unique position to educate their clients as they go about their online holiday shopping.
2021 is looking to be a busy holiday shopping season and another banner year for e-commerce. All this online activity is ripe for cyber-attacks, and there are many ways to boost cyber defenses and safely navigate shopping, streaming, surfing and yes, working, online during the holidays.
In this blog, we will share seven tips to help enjoy a cyber-safe shopping season. You can also download a customer-ready version of this list here.
1. Shop with Trusted Sites
The easiest way to avoid scams or cyber fraud is to shop with brands you trust. One of the challenges with e-commerce is the absolute proliferation of sites and online shopping outlets. It pays big dividends to concentrate your spending with trusted brands and companies that have served you well in the past.
Do you have someone on your shopping list with esoteric tastes? Fortunately, one of the beauties of e-commerce is you can find virtually any product across the globe. On the other hand, there is still a Wild West dimension to e-commerce and there are lots of fraudulent sites or other scams. If you are shopping for hard-to-find gifts, sometimes it makes sense to shop through the largest online merchants like Amazon or eBay, since it allows you to tap into their large network of smaller merchants and discover hard to find products, while enjoying the security and confidence provided by a big brand name. Generally speaking, website security, returns, refunds, and customer service through Amazon and eBay are top-notch and guarantee a stress-free shopping experience.
2. Look for the Padlock
When consumers are visiting any sort of e-commerce site, look for the padlock in the browser window.
The padlock in the browser window means the site is using HTTPS protocol to create a secure session between the consumer and the website. When HTTPS is employed, the connection is encrypted and secure for the transmission of credit card details and other sensitive information. Simply avoid any sites today that don’t employ HTTPS or where the padlock is missing. When the padlock is missing, it is a telltale sign that the website is a phishing site or other sort of fraudulent e-commerce site.
3. Use Unique Passwords
As consumers go about their online shopping, encourage them to use unique passwords for every online account or service. According to a research study of U.S. adults conducted by Google and Harris Poll, 65% of the respondents admitted to reusing passwords across e-commerce sites and other online services at least some of the time.
The problem with password re-use is that it only takes a single cybersecurity breach at an online vendor or service to have one’s email and password combination freely available in the wild. Cybercriminals can then wreak havoc on people’s personal and financial lives. What’s more, when a consumer re-uses a password, they often also re-use the same password on their work systems and other company software systems, further compounding the cyber security risk in the workplace.
The average consumer will have dozens or even hundreds of different online accounts, so the problem is pretty daunting. Nevertheless, the best practice is clear: use different passwords for every online site or service. The solution to the password re-use problem is smart technology, which brings us to our next tip.
4. Use a Password Manager
Password managers enable consumers to use unique passwords for every site. A password manager works by creating a secure vault where the consumer can store all their passwords to various online sites while protecting the vault with a long and secure master password. With a password manager, the consumer can create unique, strong passwords for every site and then only needs to remember their long master password. Password managers come with handy browser plugins or mobile apps which populate the stored passwords into various sites and apps when needed. Lastpass, Dashlane, and Keeper Security deliver some of the most popular and well-reviewed password managers.
5. Add Multi-factor Authentication (MFA)
Adding multi-factor authentication (MFA) is one of the best ways for consumers to take their cybersecurity to another level. MFA works by prompting the consumer to authenticate with multiple methods. Most commonly, the consumer will supply something they know, like their password, along with something they have, such as a one-time password generated on a previously authenticated mobile device.
This two-step process makes it virtually impossible for cybercriminals to improperly access your account since even if they have stolen your password, they will lack the one-time passcode generated by your mobile device. MFA has been very common in the business world and commercial SaaS applications. Online banks and brokerage accounts have long offered consumers MFA options. Now, these options are showing up on all kinds of sites, including consumer SaaS applications, mobile apps, and e-commerce sites.
6. Upgrade Your Home Network
After two years of a pandemic and remote work, most household networks are due for an upgrade. Today, our home networks carry all manner of traffic, from streaming Netflix to Zoom calls with your boss. Unfortunately, most home-based routers and Wi-Fi gateways are insecure and inadequate. Too often, home network devices are deployed with default passwords and many security features disabled. What’s more, home networking devices often will get long in the tooth and never see a firmware update.
The solution is a new generation of home networking devices that address many of these cybersecurity deficiencies. Vendors such as Palo Alto Networks with its Okyo Garde solution or the new line of Linksys devices fortified with Fortinet security address many of these cybersecurity challenges. These new-generation devices are automatically updated from the cloud, block a wide range of threats including fraudulent websites and phishing attempts, and give households and parents fine-grained parental control features to regulate Internet use in the home. Just like with businesses, consumers can raise the bar on cybersecurity by employing layers of defense. Upgraded home networks are a great place to start.
7. Consider a Credit Monitoring Service
Lastly, consumers should consider adding a credit monitoring service. These services address a wide range of challenges, from password, credential, or identity theft to the basics of credit monitoring. Services like Credit Karma or LifeLock monitor the Dark Web to alert their customers to stolen emails or passwords while giving real-time visibility to new account creations that can signal identity theft attempts.
Pro Tip: AAA member they can activate a free credit monitoring service from Experian included with their subscription from AAA: https://www.aaa.com/experianidtheft/
While it is obvious that it makes sense to monitor your credit score, today consumers need to go to the next level and keep an eye out for the many ways cybercriminals look to exploit stolen information or digital consumer identities.
At Dropsuite, we arm MSPs with a cloud software platform to easily backup, recover and protect their important business information. We work tirelessly with the MSP community to raise consumer and business awareness of various cybersecurity threats, along with the best practices to help protect and defend their clients.