Online shopping is a timesaver before the holiday season, but it can also betray our plans for Christmas gifts. Even though most households own more than one device used by everyone, there are several ways that family members or colleagues can accidentally find out what presents await them.
“In the past, people would find out about their Christmas gifts by accidentally discovering them hidden in a wardrobe or by checking browsing history on the family computer. Trends are shifting, and now IP addresses and poor digital habits are usually what betray us,” says Marijus Briedis, CTO at NordVPN.
To protect our privacy and retain the secret of gifts, Marijus Briedis advises these preventive measures:
Use a VPN. When we shop online, websites and marketers track our every move to show us an offer we might like. The main issue is that ads based on IP address targeting are shown on all devices connected to the same router. This means that recipients of the gifts can start getting ads based on the searches of one user if they use the same Wi-Fi. One of a VPN’s core features is hiding your IP address, so it’s a tool that helps you stay private and avoid IP-targeted ads.
Use incognito mode. Incognito mode does not exactly equal privacy, but this is precisely what it was made for – setting aside a single browsing session that won’t save cookies and won’t save browsing history. Incognito mode can help keep your online shopping a secret.
Get a privacy-oriented browser extension. There are plenty of powerful, free browser extensions that can help shake off trackers and keep holiday shopping searches private. There are lots of options, and they all work differently. NordVPN recommends these browser extensions.
Stop engaging with brands on social media (at least before the holidays). Likes and comments on Facebook or other social media show everyone which brands the user engages with. Usually, that’s not much of a problem, but it could give a hint to the intended recipient of what gifts to expect.
Mind your screens and windows. Users shouldn’t forget to close windows and lock their screen. This is the privacy hygiene of the digital age. Even advanced cybersecurity precautions cannot protect privacy and secrets if the user keeps their desktop open or screen unlocked.
Around 70% of British people consider password loss as stressful as a personal injury or an illness, financial problems, or dismissal from work, the latest digital stress survey conducted by NordPass indicates.
The study, which investigated the effects increasing cybersecurity demands have on people’s mental health, reveals that 67% of adults in the United Kingdom (UK) fear losing access to an important account without a reset option.
To compare, fewer people — 64% — find a personal injury or illness highly stressful. Dismissal from work and financial problems terrify 70% and 72% of people respectively.
Tomas Smalakys, the CTO of NordPass, said: “The fact that password management issues cause more worries for British people than personal health matters is concerning.
“This insight again proves passwords no longer fit people’s needs, and the switch towards alternative methods of online authentication should become the key priority for service providers,”
Why do passwords cause so much stress?
NordPass found that the fear of losing access to an account is related to a person having too many passwords at hand and, as a result, struggling to recall which password belongs to which account.
In the UK, almost half (45%) of internet users agreed password management is a challenge for them. In the US, even more people (56%) feel this way.
According to NordPass data, an average internet user has around 100 passwords to manage. This number contains both personal and business accounts, many of which are used on a daily basis.
As Smalakys explains, with so many credentials to remember, people tend to create weak passwords and reuse them, which then results in data breaches:
“It’s an unfortunate cycle. We fear losing access to our accounts and create simple passwords so we don’t forget them, while the most direct way to lose an account is actually to create a simple password for it,” says Smalakys.
Based on the latest Verizon Data Breach Investigations report, 74% of all breaches include the human element, and creation of weak passwords is among the key causes.
Tips to reduce password management induced stress
To ensure password management is less challenging, Smalakys recommends using the following cybersecurity practices:
1. Adopt a password manager. This solution allows someone to securely store all passwords, passkeys, credit cards, and other digital assets in one place, autofilling them on websites and sharing them with others in an end-to-end encrypted environment. Password managers also generate secure passwords consisting of at least 20 digits.
2. Give passkeys a try. Many tech companies, including Microsoft, Google, and Apple, offer a passwordless login with passkeys. Passkeys are a new technology, approved by the prestigious FIDO Alliance and considered the healthiest and the most convenient alternative to passwords.
3. Delete accounts you no longer use. Rarely used accounts often get abandoned, which makes them attractive to cybercriminals. The passwords for these accounts become outdated and are then easily crackable.
The busiest time of year for shopping is fast approaching and there are many deals to be had. However, it’s important to keep ourselves safe from hackers and scammers that target online shoppers.
Online safety expert Chris Bluvshtein at VPNOverview.com gives his top ten tips for keeping yourself safe while shopping online during the holidays.
Stick to websites you know
You might be tempted by a Google link promising an amazing deal but before you click, look at the name. If it’s not something you recognise, don’t go there. Hackers can use similar names to high-street brands to trick you into giving up your data so double check the site is the one you know. Google also tells you if you’ve visited the site before so it’s worth taking your time and checking for those details.
Check the URL bar
Every website should have a valid security certificate and you can tell by the little padlock icon next to the URL. If a website doesn’t have one of these then don’t give your bank details or valuable information.
Check your bank statements
You might not even be aware of your details being stolen until it’s too late, but by making it a habit to check your account and statements you’ll be able to catch any suspicious activity early on. Your bank will have information on any time limits they have for fraudulent purchases, so be sure to keep an eye on your statements.
Use a password manager
The safest thing you can do is use a unique, randomised password for all your accounts. But instead of writing those down on post-it notes or in notebooks, use a password manager to keep them all in one place. Password managers lock your information behind a master password and many of them autofill the website logins for you, keeping you safe from keylogger attacks.
Don’t shop on public Wi-Fi
You might be tempted to hop onto your favourite shopping site while having a coffee at your local cafe, but that public wi-fi connection is extremely dangerous to use. Public Wi-Fi rarely has safety protocols such as passwords in place and hackers can piggyback and steal unsecured banking details and sensitive information without you knowing.
Use mobile payments
Apps like Apple Pay and Google Pay can protect your banking details so if a website accepts them, it’s best to use them instead of your debit card.
Use a credit card
If something is high value, don’t use your debit card to pay for it. Consumer law in the UK means that you could get refunds or claim your money back if your card is stolen. Credit cards also have more protections than debit cards.
Set up a temporary bank account
By opening an online only bank account such as Revolut or Monzo, you can control the amount of money you have access to with transfers from your usual account. This way, even if your details are compromised, the hacker can’t do anything to your real bank account.
Use a VPN
A VPN protects your data from prying eyes. Everything you send is encrypted so even if a hacker can see you on a network, they won’t be able to access your sensitive information. VPNs connect you to a remote server and hide your IP, using one along with any of our other tips can make your online shopping super secure.
If it seems too good to be true, it probably is!
Be careful with any adverts for amazing deals. You might never get the item or there could be hidden dangers. This old saying still rings true with online shopping.
As we enter into a new year, cyber crime continues to threaten businesses. Cyber attacks cost the global economy an estimated $6 trillion USD in 2021, and the costs are predicted to increase for 2022.
Since the beginning of the pandemic, hackers have been quick to exploit the growth in home working practices. Small businesses also reported an increase in attacks, and with 60% closing within six months of falling victim to a data breach, establishing a comprehensive cybersecurity strategy has never been more important.
Anthony Green, CTO and cyber crime expert at FoxTech, discusses what businesses should watch out for in the coming year: “In 2022, with many organisations implementing flexible working policies, and bringing personal devices into the office, it’s important to understand how cyber attackers might continue to exploit our changing working practices.
“It is often easier for attackers to breach home network devices, so when personal devices are being used to access company data at home, or brought into the office and connected to company networks, it can expose their system to hackers searching for vulnerabilities to exploit. With hybrid working policies expanding companies’ cyber risk, it’s vital to be aware of what the threats are, and how to prevent attackers gaining access.”
To help businesses plan their cybersecurity strategies, FoxTech has put together a guide to the top predicted cybersecurity threats for 2022, and what organisations can do to protect themselves:
Ransomware
Ransomware was the defining force of cyber attacks in 2021. Hackers infiltrate a system, steal sensitive data and demand a ransom for its return. Ransomware attacks surged by 144% in 2021 from the previous year, and the problem is only expected to develop in 2022.
Anthony comments: “A spate of high-profile ransomware attacks in 2021 has led many organisations to review their cyber risk controls and implement more effective strategies against data loss.
“While this might make it more difficult for cyber criminals to mount traditional ransomware attacks in the short term, attackers are incredibly agile, so we are expecting their strategies to shift in the coming year”
“To prevent your business from falling foul to a ransomware attack, there are two things to consider:
Preventing an attacker from gaining network access – investing in an external security assessment is the most reliable way to discover your vulnerabilities. Cybersecurity experts can then configure your security tools to protect you from the latest methods of attack.
Catching an attacker before it’s too late – it can take months for an attacker to gather the data they need to demand a ransom. Working with an external, specialised cybersecurity company that can monitor your system and quickly alert you to any suspicious activity can be the difference between a minor incident and devastating financial loss.
“Constant systems monitoring – by someone who is aware of developments in attackers’ tactics – will be more important than ever, as cyber criminals are looking for new ways to circumvent security operations. Currently, businesses are subject to 10,000 attempted attacks a day, but it often takes months for hackers to infiltrate an organisation’s most well-protected data. Catching a threat straight away, and acting quickly to mitigate the effects of a breach, will prevent attackers from stealing enough sensitive data to deliver a ransom.”
Phishing
Over 75% of cyber attacks start with someone opening a malicious email. These emails are designed to extract data from the recipient, usually a password, which is used to gain further access to an organisation’s network. Once an account takeover has been successful, hackers are able to mount more sophisticated attacks.
So how can businesses protect themselves from phishing scams?
Anthony comments: “Security awareness training is essential. Only 14% of UK companies perform cybersecurity awareness training, but educating employees on how to spot phishing scams is crucial.
“Things such as shortened links, an impersonal address, or anyone asking for private information, can all indicate that an email is not legitimate, even if it appears to come from a trusted source.”
The NCSC provides free security awareness training available here:
It is also imperative to set up Two Factor Authentication on email accounts and ensure the secure configuration of your email service.
Business Email Compromise Attack
In 2022, when so much business will be conducted through online conversations between remote workers, organisations need to be aware of business email compromise attack – also known as ‘conversation hijacking.’ These attacks are well-researched, and highly personalised, making them difficult to detect and very effective.
This kind of attack usually comes once access has been gained through a phishing attempt. A hacker reads through breached emails to learn as much as they can about business practice and payment details.
Next, they will use this information to craft seemingly authentic messages which can be sent to both employees and customers, with the aim of tricking them to transfer money or update their payment information.
“A scam that we are seeing more and more frequently is when a hacker impersonates an organisation’s CEO to redirect large payments to their own accounts,” says Anthony.
“Once this money has been lost, it is almost impossible to retrieve, so it really is crucial to prevent hackers gaining access in the first place – and to have your accounts frequently and carefully monitored by cybersecurity experts who can spot an intruder before the final attack has been mounted.”
Napier responds to fears tech employers are missing out on huge talent pool
EDINBURGH Napier has received funding to help people with a range of conditions boost their career prospects by developing their skills in cybersecurity.
National skills agency Skills Development Scotland has provided grants totalling £150,000 to the University, Inverness College UHI, West Lothian College and Perth Autism Support for new education programmes.
The MASCOTS project, which follows a successful pilot programme, will see Edinburgh Napier’s School of Computing support neurodiverse learners as part of a drive to combat the global surge in cybersecurity threats.
Neurodivergence, where the brain functions, learns and processes information in different ways, includes Autism, Dyslexia, Dyspraxia, Dyscalculia, Dysgraphia and Attention Deficit Hyperactivity Disorder (ADHD).
By offering supportive learning environments and industry mentorship, the University programme aims to nurture talent and equip neurodiverse learners with the skills to help satisfy the mounting demand for people who can identify and thwart the next generation of cyber criminals.
MASCOTS, which stands for Mentoring; Articulation; Supporting; Careers; Opportunities; Taster; and Sustainment, will provide real industry skills for 16 people recruited to the course through the Into Work charity.
The eight-day programme over four weeks in November and December will combine online and classroom teaching, followed by a careers event in January which will introduce the learners to employers.
The core Edinburgh Napier team are Professor Bill Buchanan, from the School of Computing, Basil Manoussos (The Cyber Academy Manager) and Matt Burdge (Business Development Manager).
Professor Buchanan said: “A more diverse and inclusive world allows every single person to achieve their full potential. We are all different and all wonderful in our own ways.
“Being different is good, and brings forth new ideas and new viewpoints. We spend too much of our lives trying to be normal, but there’s really no such thing as normality.”
Basil Manoussos added: “A core part of the work is the creation of a mentorship scheme.
“We aim to provide one-to-one support, and focus those with neurodiverse conditions on understanding how they can match themselves to the jobs market, and on developing their career, and we are keen for those in industry to come and help support our candidates.”
Matt highlighted the need for a strong industry network.
He said: “Edinburgh Napier is a leader in cybersecurity education with NCSC (National Cybersecurity Centre) certification for both its undergraduate and postgraduate programmes, and is developing a network throughout Scotland and beyond to ensure all learners have a suitable pathway to education and future careers in the industry.”
Claire Gillespie, Digital Technologies Skills Manager at Skills Development Scotland, concluded: “With more than 13,000 job opportunities waiting to be filled in the tech sector, we need to look at as many different ways as possible to plug that skills gap.
“By ensuring neurodivergent people are given all the support they can get in education, which this funding aims to achieve, we will be able to help them as individuals while also building cybersecurity capacity in the tech talent pipeline.”