If you’ve been following our actions on social media lately, you’ll notice we did a “12 Days of Security” series of cybersecurity tips for how to stay secure around the holidays. The below is a recap of the updates.

On the First Day of Security …

Around the holidays, email phishing is much more common. The most common type of phishing is to get you to click on a malicious link. Don’t fall prey to this holiday scam. Be aware of any links that appear suspicious. For ads, Google or type in a company address instead of directly clicking on the link. If you receive anything strange from a co-worker, ask them about the email offline to confirm it is legit before clicking on anything.

(Credit – Candis Orr, Senior Security Analyst)

On the Second Day of Security …

Encryption is key friends! Look into encrypting your devices including laptops, phones, back-up hard drives, etc. And when setting up encryption, always use a password/passphrase to decrypt any device that has full disk encryption. Do not use fingerprint or any other type of authentication. This is especially important when traveling internationally and going through different customs.

On the Third Day of Security …

With breaches happening constantly, shopping online can be stressful. Use https://privacy.com/ to generate temporary anonymous credit/debit cards for your online shopping needs. Or use prepaid credit cards on sites that seem questionable. This helps protect your credit card information in the event that the site is not secure and has the added benefit of holding you to your budget. 

On the Fourth Day of Security …

Traveling during the holidays? Don’t expose your information via unsecure Wi-Fi networks. Avoid open Wi-Fi hotspots such as those in airports, hotels, and coffee shops. It’s all too easy for an attacker to set up a man-in-the-middle attack for public Wi-Fi to intercept network traffic and steal passwords. If you absolutely must connect to open Wi-Fi, protect all your traffic via a trusted VPN provider. Many VPN services provide an app you can use on your phone or tablet as well. (Check out our VPN guide for more information). 

On the Fifth Day of Security … 

Do you have a smartphone? Okay, we know you do. Follow this tip to increase your mobile security. Disable Wi-Fi and Bluetooth radios on your phone. If the radio is on, your phone will constantly try to connect to Wi-Fi and prefer that connection for data. An attacker can see the connection attempt and then spoof that connection to man-in-the-middle your network and steal passwords or other sensitive data. There are well-published attacks against the Wi-Fi and Bluetooth System on Chip (SoC) implementations in nearly every popular smartphone that may open your device up to very bad things.

On the Sixth Day of Security …

Scared of identity theft? We all are, but one of the best things you can do to protect yourself is to freeze your credit. Freeze your credit reports through all three credit bureaus: Equifax, TransUnion, and Experian. There may be a small fee, but this can prevent your stolen information from being used to open new accounts. You should always monitor activity on all of your accounts and remember to lift the freeze before applying for new credit lines (mortgage, car loan, credit card, etc.). 

On the Seventh Day of Security …

Heard any breach stories lately? What, you too? Well, there are some you might be missing. Subscribe to a service like https://haveibeenpwned.com/. If a website where you have an account gets hacked, you are notified by email so that you can quickly change your password and take other actions to protect yourself.

On the Eighth Day of Security …

Enable two-factor authentication (2FA) on your most sensitive accounts (e.g., bank accounts, Google, Amazon, PayPal, and Password Managers). This strengthens security by requiring two methods to confirm your identity, e.g. a username and password plus something you have, like a smartphone, to approve access requests. This second security layer makes attackers’ lives harder and reduces fraud risks. 

On the Ninth Day of Security …

Want to have stronger passwords but hate remembering them all? Use a password manager like 1Password, LastPass, Dashlane, or KeePass. It’s the easiest way to only remember one very long password and then all your other passwords can be completely random. Having random passwords means that if a service you use is breached, only that account is affected and it’s much less likely an attacker can actually crack a password hash for nonsense. Reusing passwords means that if one site or service gets popped, the hackers can use your password to log into many other sites as well. (For more info, read this blog post from earlier this year.)

(Credit – Justin Paglierani, Senior Security Analyst

On the Tenth Day of Security …

Network segmentation is key to cybersecurity, but yet not many people (or organizations) take the time to actually do it right. For some inspiration, check out our guide to do-it-yourself network segmentation from last year. 

 

On the Eleventh Day of Security …

Odds are at least a few of you will be gifted smart devices for the holiday. However, recognize that, no matter how convenient or appealing these devices can seem, they can come with ample security risks. This article touches upon some of them. 

 

On the Twelfth Day of Security … 

Use privacy-geared browser extensions from the Electronic Frontier Foundation (EFF) and support the great work they do! Try out Privacy Badger and HTTPs Everywhere

Until next year … stay safe out there!