Cyber-safety shouldn’t take a break when heading home for the holidays. Between free time, new toys, and family travel, year-end festivities pose plenty of opportunity for on-line compromise. So stay safe this holiday season by avoiding these ten pitfalls.
10) Malicious season’s greetings
December often brings an influx of e-mail greetings from distant family and friends, inviting recipients to “click here” to view an e-card, video, or animation. Alas, not all such messages are sincere. While some are harmless hoax-mails, cyber-criminals have been known to disguise viruses and spyware as phony season’s greetings. So don’t let holiday spirit trump common sense; open all file p_w_uploads and URLs with care.
9) Phishing for friends
From Facebook to Twitter, many users will use holiday down time to catch up on social networking. Unfortunately, social networking sites have become a fast-growing vector for phishing -- especially targeted phishing attacks. Was that friend invitation really sent by your old colleague Joe? Think twice before clicking – and never ever give out personal data to new “friends” that you don’t really know.
8) Wayward laptops
Somewhere between hotel, cab, and airport, thousands of travelers will lose laptops, PDAs, and phones this holiday season. New York’s LaGuardia airport lost-and-found alone has accumulated over 70,000 unclaimed mobile devices. So don’t leave a boarding gate, vehicle, or security checkpoint without taking a mental inventory of your electronics to ensure that all are still in your possession. Better yet, register all laptops and smartphones with services that can locate and recover or kill lost or stolen devices, such as Apple's MobileMe, Microsoft's MyPhone, or Spearstone's DiskAgent.
7) Hazardous hotspots
Whenever you tap Wi-Fi at a coffee shop, train station, or ski lodge, beware of fake Internet hotspots. Surveys show that viral SSIDs like “FreePublicWifi” are advertised by 5 to 10 percent of Wi-Fi clients used in highly-traveled public places. Most are fellow travelers that naively tried to connect to similarly-named fake hotspots in the past. But a few might be criminals looking to snarf logins and passwords. So avoid enticingly-named Wi-Fi peers or networks that are too good to be true, and always protect hotspot traffic using ××× tunnels or SSL/TLS sessions.
6) Infested public PCs
Holiday travelers that leave their own laptop at home often use someone else’s computer to check e-mail or print a boarding pass. Whether that computer is a public PC in the hotel lobby or cousin Jane’s PC in her den, you’re swimming in potentially infested waters. Wherever possible, avoid typing in ordinary passwords that are easily captured by hidden keystroke loggers. If you can, protect public PC Internet access by using secure remote desktop or clientless ××× solutions that mitigate common public PC threats, such as such as LogMeIn, GoToMyPC, Juniper Secure Access, SonicWALL Aventail, or F5 FirePass.
5) Unattended logons
Whether you’re taking a quick break or hitting the road, remember to log out of all authenticated browser and ××× sessions, clear the browser’s cache of saved pages and passwords, and exit all programs. When leaving your own laptop unattended, password-lock the screen – or, better yet, shutdown and lock it away in a hotel room safe. Exercising a little forethought and caution can help you avoid wasting precious holiday time dealing with the consequences of unauthorized laptop use or theft.
4) Neglected USB drives
Oft-times, the smallest possessions are the easiest to forget or drop. Holiday travelers who remember to safeguard laptops and smartphones can still leave USB thumb drives plugged into public PCs, under guest room beds, wedged into airline seats, or skittering about rental car trunks. The files saved on those lost drives could come back to bite you – unless you’ve protected that removable drive’s content with data encryption. The same goes for data on devices that double as USB storage, such as MP3 players and iPods.
3) Internet skinny-dipping
Hundreds of thousands of families will unwrap a brand new computer this holiday season. While most new computers are now delivered with trial anti-virus software, recipients anxious to use these gifts don’t always take the time to activate virus and spyware protection or download current signatures and OS patches. Using the Internet without desktop security is never a good idea; get that computer up to snuff before the kids start visiting Websites, downloading games, and instant messaging their friends.
2) Not-so-safe smartphones
Small children aren’t the only users who go on-line from new unsecured devices. From DROIDs to iPhones, many adults and teens will receive consumer smartphones they’ve been pining for this holiday season. And most will immediately start configuring them with usernames and passwords for Gmail, Yahoo!, iTunes, Twitter, Facebook, and perhaps a corporate Exchange server. Unfortunately, a far smaller number will protect those phones with strong authentication—much less data encryption—creating an easy avenue for personal and business identity theft. Always enable built-in smartphone security measures and fill any gaps by downloading third-party security apps.
1) Dangerous downloads
Finally, use common sense when downloading games, file sharing tools, streaming clients, and other third-party apps this holiday season. Downloads are a fun way to get more from electronic gifts – especially free apps from marketplaces and app stores. Some sites (e.g., Apple, BlackBerry) scrutinize accepted apps. Some don’t, but deliver explicit warning about functions used by each app (e.g., Android). Understand what apps do before installing them and be wary of unsigned apps from unknown developers. If possible, use anti-virus/spyware to detect any downloaded malware.
Bottom line: We hate to be a Scrooge, but cybercrime doesn't take the holidays off. Everyone should keep online safety in mind as 2009 draws to a close. We hope these tips will help you all enjoy a safer holiday and a happier New Year.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A 28-year industry veteran, Lisa enjoys helping companies large and small to assess, mitigate, and prevent Internet security threats through sound policies, effective technologies, best practices, and user education.
