2020 Holiday Infosecurity advice for the people in your life

Sure, if you are reading this post, it’s pretty likely that you are into information security. Perhaps you even do it as a job. And if that is the case, there is something we all have in common – helping out family members, friends and neighbors with their computer, device and internet dramas.

And now, we find ourselves in early December, and that means we have important holidays just around the corner: Christmas, Hanukkah, New Year’s Eve…

And this year, the holidays will be unlike any other we’ve experienced, thanks to the onslaught of Covid-19. Typically, we all get together, but many of us won’t be able to take that for granted this year!

How do we try to make up for this? Through frequent video calls, more online shopping, sending heartfelt messages, buying “smart” gizmos for loved ones…

All these approaches might help us feel less far apart this holiday season. But notice that they all rely on technology. So here is a smattering of tips you can share with your people to help them sidestep those pesky online potholes and avoid Cyber Hell during the last month of 2020.

So, the typical 2020 scenario:

Wifi-enabled video/audio calls

It is unlikely that we will see many, if any, of our remote family this year. Which means that many of us are going to be spending the holidays in front of a screen somewhere, showing Aunty Marjory the tree or cooing at little Sophie as she has her very first giggle fit.

Here are three top tips to make the experience a happy one.

  1. Use a service that provides end-to-end encryption. So FaceTime, WhatsApp, Zoom – they all offer this service, as do others. End-to-end encryption means that there’s no way for the service provider (e.g. Zoom or Apple) to decrypt the content of your conversations when they are in transit between devices.
  2. If it is a party call, check the settings so that the organiser can control who is allowed in, and who gets kicked off. This is to avoid Zoombombing, where uninvited guests happen on your Zoom call and bombard you and all your people with loud expletives, rude pics, a Rick Astley rickroll – whatever. It is not every Gramma that takes kindly to someone wagging their Don Johnsons into the web cam.
  3. Here is a top tip from a security boffin. Just assume that the call is being recorded, so while your story about how you dropped the milk in the supermarket and the whole thing exploded is fair game, your private stuff – phone numbers, banking details, passwords – is not. This also goes for more saucy calls and videos that some of us might have. BE CAREFUL.
  4. Ooh, an extra one for you. Don’t complain just before or after the call. Some of these services have been known to lag the termination. So say you had a difficult conversation with a colleague, don’t immediately flip them the bird and call them a you-know-what. They may hear this and it just might put a strain on your relationship.

Smart gifts

Right now, the tech world is a total Wild West. There is little legislation to regulate the smart toys, tools, gizmos and appliances that are spilling out of all manner of companies, based all around the world.

Until there are adequate protections in place, we must assume that the companies are under immense pressure to put their wares on the market. Many are understaffed (’cause it’s 2020) and they have very tight deadlines.

So the typical security problems with IoT devices:

  • the makers did not think deeply enough about security (e.g. you cannot change your password from the default).
  • the makers did not test enough, meaning vulnerabilities could be lurking.
  • the makers are primarily interested in collecting information (IP, GPS, contact details, etc), not in providing you a safe and private experience.

So how do you avoid getting snagged by an IoT device?

  1. Stay away from the brand new version one of any smart IoT device. Let the boffins who are mad about new tech test it out and report their findings.
  2. Don’t believe the blurb on the website. Read the terms and conditions and privacy statements. This is the only place that firms must think twice before BS-ing you. What you are looking for is what data they collect from you, how they store it, what they do with it and who they share it with. Now if you are intimidated by legal terms, there are some services which can help, such as https://tosdr.org/
  3. For *any* smart device you buy, make sure you first look around to see if there are any reports of previous security problems. What you are looking for is what happened and how they handled it. If they left an old database open to the public and, during a risk assessment, they immediately closed it and reported it publicly, they get a pass. If they were found out because some unauthorized party got in and then, when that was reported, the company in question denied it, WALK AWAY, no matter how sexy the smart gadget is.
  4. Top Tip: create a media alert – like a Google Alert – for all your smart IoT devices, including your router, your phones, your tablets, your Roomba, your Amazon Ring. Just type in the company, the product and the word “security”. That way you will be informed when there is a problem and will have more time to do something about it.

Email

Whether you like email or not, email is still a fundamental communication method for when you email older relatives or when you do your online shopping or when you open an account somewhere.

Email is still at the heart of everything, which makes it one of the most targeted weak points. Why? Because it relies on our passwords and our personal assessment about whether something is good or bad.

How they get you in your email:

  • An email pretending to be from a package delivery service confirming your scheduled delivery time.
  • Having successfully hacked your parent’s email, the attacker sends what looks like a greeting card to all the contacts, which harbors malicious code.
  • An urgent email from your bank saying your account is out of funds and to click this link to verify the account activity.
  • An email from Zoom purporting that your account has been breached.
  • Coronavirus updates from what looks like a reputable news service.

So tips to avoid being duped and clicking on these.

  1. Have complex, unique passwords for all your accounts. Consider using a password manager to help manage your different passwords.
  2. Use multi-factor authentication. This provides you with an extra hurdle to double check that you are who you say you are – this makes it that much harder for an attacker to get in by pretending to be you.
  3. Do not panic. Most of these emails demand an action. The game plan is to stay calm. If you, say, get an email from a friend or family member that is out of character for them, just text or call them and ask if it is legit before you open it. If it is from your bank, avoid clicking on anything in the email if you are uneasy – find your bank card and use that number on the back.
  4. Last top tip? Put the number on the back of your debit and credit cards in your phone, so if you lose your card, you can contact them with ease.

So there you go – a few tips to help you and your loved ones to sidestep cyber hell this holiday. 🙂
