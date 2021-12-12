This year’s holiday shopping season is in full swing, with online shoppers being barraged with promotional emails and texts. While it’s important to note that many of these online deals are legitimate marketing, all of us need to be aware that cybercriminals are out there now more than ever, looking to take your money.

At the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, protecting Americans from cybercriminals is a top priority. We hear every day of hackers successfully attacking large companies and government services with malware and ransomware, yet cybercrime also affects individuals.

It’s not just stealing from your bank account that matters — it’s also your identity, your financial data or the content of your emails. These are sought after by malicious actors. The less concerned you are about this, the more of a target you become.

For most of us, the internet is an integral part of our lives. We use the web for information like getting directions on our smartphone to the company holiday party. We use the web to wish cousin Larry and all our family and friends a happy new year from our vacation spot in Florida. We use the web for financial transactions like paying bills or buying that last-minute gift found on our spouse’s e-commerce wish list. Each activity we do on the web has the potential to be compromised in some fashion, so it is important to have some basic rules of thumb to protect you and your loved ones from fraud and scams.

More than 90% of malicious software is downloaded unintentionally by folks who simply open hyperlinks or attached email files. Obviously, most of us are not trying to do this, but the bad guys can be tricky. A text from an unknown source saying you have won a million dollars can be tempting to open. More realistically, an email from what seems to be a trusted source that looks important may be harder to recognize as a fake. You may not notice the extra semicolon or backslash in the email address. If you’re unsure about the email, type the URL in a browser rather than clicking on the link, and in all cases, trust your instincts! If you receive an email that you believe is a phishing scam, you can report it to us-cert.gov/report-phishing.

Following are a few other ways to reduce your online risk and rest a little bit easier knowing that your internet activities are protected throughout the year.

— Always protect your devices by making sure you have the most recent software updates and patches. This is typically easy to do for smartphones and tablets, as the updates are sent automatically. Just don’t forget to install them, or even better, set your devices to automatically install.

— The passwords for your devices (as well as your online accounts) are another area of concern. We all know password management is difficult. But do not go with popular passwords such as “password” or “123456.” The best advice is to make your passwords different and complex. Change them regularly and use a software application known as a password manager to keep them in order.

— While passwords are one key to protecting your accounts, another is multifactor authentication. Think of this like the deadbolt that supports your door lock. Multifactor authentication sends you an email, text or call to confirm that it is you who is trying to access your account. Accounts protected with this tool are far less likely to get hacked. Any accounts that deal with finance, health or personal records should absolutely have multifactor authentication installed. And your other accounts, like social media? Implement it as well.

— Finally, be aware of public Wi-Fi networks. Avoid using these networks when conducting sensitive personal or financial activities. If you must use public networks (or any network for that matter), ensure the web address you are contacting has “https” (not “http”) in the URL, to ensure a secure connection. Use credit cards (not debit cards) when making purchases and always check your credit card and bank statements to ensure your transactions are correct.

Protecting your cyber profile is an important task that starts with you. The holiday season is a good opportunity to review your accounts and devices, and make sure you and your family are protected. The simple measures outlined above can go a long way in ensuring your cybersafety and security are in good hands. By taking these steps, we reduce our chances of encountering the “Cyber Grinch,” and can get back to focusing on the joys of the holiday season knowing our internet use is protected.

We encourage you to take advantage of tips and recommendations provided by trusted sources. More resources may be found at cisa.gov/shop-safely and stopthinkconnect.org.

David E. Wood is a protective security adviser for the Cybersecurity & Infrastructure Security Agency. He is based in Lancaster.