Thanksgiving in the United States is characterized by good food, good friends, and time spent with family, as well as the kick off for the holiday shopping season. This year, I’d like to offer some tips for a cyber safe holiday.
If there’s one thing you can do to make sure your home network is safe and secure this holiday season, it’s replacing your home router. Home routers usually only get attention when “the internet is broken,” and that attention tends to begin and end with pulling and replugging cables. This lack of routine maintenance, along with a stupendously long operational life for these little computers has left us with a massive installation base of old, unpatched routers that are responsible for keeping our personal information safe from internet criminals. So, if you want to be a real cyber hero this season, consider buying and configuring your friends and families (and yourself!) a brand new home router. Check with your internet service provider for compatible all-in-one models, or go with a split infrastructure of a new cable modem and wireless access point. Routers being sold today are much more likely to come with an automatic update feature -- a feature sorely lacking even three years ago, which makes software updates much more likely to happen regularly.
Talking Turkey about Security
While I love nothing more than explaining, in detail, why my family’s political beliefs are so very dunderheaded over Thanksgiving dinner, I’ve found that these conversations rarely produce positive change. So, this year, I expect to stick with a subject I actually do have some expertise in: personal internet security. Join me in avoiding political debate by substituting in some frank and hopefully enlightening discussions about password management, social media privacy habits, and tips on avoiding scams and phishing. You’ll still get to act like a know-it-all and explain to your loved ones why they’re wrong, if you like, but you also have an opportunity to maybe teach them a thing or two about security basics in a modern connected world.
Scammers Love Cyber Monday
While Cyber Monday is a magical time of year for online retailers, and there are certainly some choice promotional offers to take advantage of, it’s also a time where online criminals prey on holiday shopping fever. Online and phone scams rely on people acting before thinking critically, so if you get a call from “your bank,” take a moment to consider if this is really a helpful agent, or if this is someone trying to tease out your credit card information. If you believe this call or email is really from your credit card issuer, you can always call them back directly using the number printed on the back of your card. Holiday purchases also provide extra cover for fraudulent charges, so even though you expect your credit card bill to be a little bit higher than normal this month, take an extra moment to review recent purchases. If nothing else, you’ll be able to notice if you’re actually using that annual subscription you bought last year, and if it’s still worth it.
Opting Out of Tomorrow’s Breach
This year has been the worst in terms of massive scale data breaches -- weirdly, just like all other years. So, if you want to avoid getting swept up in next year’s Worst Data Breach Ever, be mindful of that pernicious “save payment information” checkbox at the bottom of every online checkout form on the internet. In most cases, it’s checked by default. Un-ticking that might make the difference between reading about the next breach in a panic or mere schadenfreude. In fact, the holidays aren’t a bad time to clear out saved payment information on the sites you already use, as well as changing any saved passwords for sites you’re commonly logged into. Again, a password manager can do wonders for your cyber hygiene, as well as many of the other personal security tips explored by Olivia, our NCSAM test subject from October.
Avoid Malware with this One Weird Trick
If you’re reading this blog, there’s a good chance that family tech support is your de facto job, and you’re in high demand during holiday family reunions. While you probably already have a to-do list for clearing out malware, adware, and scareware from your in-laws’ computers, can I suggest leaving one surprisingly effective preventive measure behind? If they’re running a Windows laptop or desktop, go ahead and install the free network analysis tool, Wireshark. Now, I’m not suggesting that you hold a seminar on how to perform packet analysis, but instead, just make sure the WinPcap drivers are installed and running. Oftentimes, the latest malware and ransomware binaries check specifically for evidence that they’re running in a forensically instrumented environment, and if they find something suspiciously network-security-specific, like WinPcap and Wireshark, they’ll abort and not execute their payloads. While this can be annoying for real malware analysts, you can use this tendency to your advantage to create an anti-malware environment by pretending that your family is composed entirely of security experts, ready to blow the lid off the next WannaCry.
Actually Give Thanks
Online security doesn’t have to mean giving in to dread and paranoia when it comes to your and your family’s exposure and attack surface. Rather, think of all this in terms of making rational, calm, and informed decisions about the security, trust, and convenience trade-offs we all make in today’s vastly complex online and offline networks. After all, we have a lot to be thankful for even when it comes to cyber security. So, this holiday season, reflect on the amazing world we’re lucky enough to live in, thanks to all those interconnected technologies that aren’t quite sentient enough to exterminate us.