Five tips to beat cyber-criminals with XMAS on the horizon

15 November 2018

The festive spirit isn’t the only thing that’s infectious as the 2018 holiday season approaches. It’s typically the time of year when we see an uptick in cybertheft. With online spending expected to further increase on 2017 figures, this Xmas is a mouth-watering proposition for criminals.

With retailers swamping inboxes with millions of promotional emails, and hungry shoppers desperately looking for great buys, it’s the perfect time to slip phishing emails and malicious links into the flood of traffic entering your business.

If you’re one of the millions of businesses with staff who intend to shop online this holiday season, make sure you’ve taken all the appropriate precautions before they get started. Whether they’re shopping from their laptop or mobile, workstation or tablet, here are five essential things you need to do before they start buying.

1. Update Your Kit

If you’re not using “the latest and greatest” version of your OS and software, you’re leaving open security holes that have not only been patched by the vendors since your last update, but which have been published and are therefore known to criminals by now as well. Hackers study security fixes made by vendors and then go looking for devices that haven’t been patched by users. So, first check your OS for any updates, and then take an inventory of any software your staff might use for online shopping purposes. Web browsers, banking apps, shopping apps, and password managers all need to be on the latest available version.

2. Refresh Your Passwords

Nobody likes changing their passwords – all that new muscle memory to learn! But the start of the holiday season is the best time to do it, for two reasons. First, fingers will find it easier to learn these new taps as they’ll likely be exercising password routines more than usual during this time of year. Second, online password dumps have become so common that if passwords haven’t been refreshed since last holiday season, there’s a good chance they’re already floating around in some database for sale on the Dark Web by now.

Your staff should be using a password manager and a secure password generator. Their pet’s name and birthday do not fall into the category of “secure”! Reversing their name or phone number isn’t going to cut it either, and don’t even consider patterns like “superman99” and “batmanOO7” or using the word “love” anywhere in a password! The cyber criminals are way ahead of you!

3. Add Additional Authentication Layers

Wherever available, opt in to two-factor authentication (2FA) and similar authentication layers, which make it more difficult for breaches to occur. On top of the extra security step when you log in, you will typically receive a message whenever your account is accessed. This can help alert you to hacking attempts sooner rather than later. Some sites and services allow the use of OTPs (one-time passwords), which usually expire after a short time. These may be sent via email, text or through a dedicated security app like Google’s Authenticator if you’re using Gmail or other Google services.

Always take the opportunity to register for these extra protections when offered. Check account settings with major providers like Google, Microsoft Live and Apple iCloud to turn on two-factor authentication if you haven’t done so already.

4. Ensure Websites are the Real Deal

Fake websites are becoming harder to spot, and hackers have got very good at cloning commercial sites to the point where they are almost indistinguishable from the real thing. Look for the little padlock to the left of the URL in a browser’s address bar, and click it to view details about a site’s security. Note that the color of the padlock signifies different things. Here’s Microsoft’s explanation for Edge:

“While a grey lock means that the website is encrypted and verified, a green lock means that Microsoft Edge considers the website more likely to be authentic. That’s because it’s using an Extended Validation (EV) certificate, which requires a more rigorous identity verification process.”

If your business users are on the latest version of Chrome, the browser will now warn them about sites that are using the older insecure HTTP protocol and outdated certificates. Heed the warnings. For Safari users, in the browser’s Advanced Preferences, be sure to check the “Show full website address” box for the smart search field to see at a glance the real address that you land on.

5. Stay Off Public Wifi

Of course, we all access the internet on the move nowadays, especially at this time of the year when we’ve got a long Christmas list to get through, or simply need to check the balance of a bank account.

Don’t, however, be tempted to take up that free Wifi offer that comes with your cappuccino. Sure, the site you connect to might be encrypted, but that doesn’t stop snoopers on a public network from gathering information about bank details and items you’re looking to buy. That might be just what they need for a targeted spear-phishing attack. Worse, if the hotspot itself is infected or malicious, you could be subjected to a man-in-the-middle attack or be tricked into downloading malware.

When browsing on the move, stick to your cell provider and link your laptop or tablet to your phone’s personal hotspot service if available.


We all need to exercise safe browsing and computing practices throughout the year, but if you haven’t started yet, the holiday shopping season is the right time to begin! By encouraging your staff to employ the tips we’ve outlined above, you will be a more difficult target and reduce the chances of becoming yet another victim on the stats sheet.

For enterprise security, check out SentinelOne and see why Fortune 500 companies are switching from their traditional solutions. Or contact NETprotocol today to ensure your systems and users are secure from cyber criminals.