A 5-Step Checklist for Staying Cybersafe While Shopping Online

Cyber Safe

Just in time for the busy holiday season, here are some simple tips to protect yourself when shopping online, as well as suggestions for staying cybersafe while travelling, too. Photo: Silke Woweries / GettyImages

Online shopping will likely dominate again this holiday season, whether due to concerns around the ongoing coronavirus pandemic, a brutal flu season and other viruses, or because it’s just, well, more convenient to have packages shipped to your door.

Cybercriminals, unfortunately, like to go where the action is. Here are some simple tips to protect yourself during the busy online shopping season, and some suggestions on staying cyber-safe while travelling over the holidays, too.


1. Use Strong and Unique Passwords


Your first line of defence is to have a strong password for all your accounts, which is at least seven characters long and a combination of letters, numbers, and symbols (bonus points for adding upper and lowercase characters). 

Seriously, please avoid easy to guess passwords, like “123456789” or “password.” You know who you are.

Never use the same password for all your online activity because, if a site or app is breached, the crooks will have access to all your online accounts. Password manager apps like 1Password, Dashlane, Roboform, ESET Password Manager, and LastPass are a good idea.

Or you can use a passphrase instead of a password, such as “lovemyc@tM0lly” (derived from “love my cat Molly”).

For online banking and shopping apps, opt for “two-factor authentication,” which not only requires your password to log in, but also a one-time code sent to your mobile device, to prove it’s really you. In other words, two-factor authentication combines something you know (password) with something you have (phone).


2. Ensure It’s a Secure Connection, Payment Method 


Always use a secure Internet connection when making a purchase.

Reputable websites use technologies such as SSL (Secure Socket Layer) that encrypt data during transmission. A webpage is secure if there is a locked padlock in the corner of a browser or if the address starts with “https” instead of “http” (the “s” stands for “secure”).

Resist shopping over free public Wi-Fi hotspots as it could also put your credit card information and passwords at risk. Instead, use your smartphone’s cellular service or wait until you’re at home. 

Only shop on sites that take secure payment methods, such as credit cards and PayPal, as you’ve got buyer protection just in case there’s a dispute. If the product never ships, if it’s not what you ordered or if your Christmas gift arrives sometime in, say, February, then you’ve got some recourse. Plus, you won’t be liable for any fraudulent charges.

Carefully scan your credit card and bank statements every month and immediately report anything suspicious.

Pro tip 1: It’s recommended to use a store’s app instead of a web browser, if it’s offered, as it’s generally safer.

Pro tip 2: Use gift cards instead of credit cards (if the online retailer offers it) to shop online — this way you won’t have to provide any financial information.


3. Update Software, Use Good Cybersecurity


Companies periodically find vulnerabilities with their software and release updates or “patches” that fix these issues.

So, be sure to set up automatic updates on all your tech, including your operating system, web browser, apps, and other software so you don’t need to remember to do it.

For software that doesn’t allow for automatic updates, check for updates regularly. 

On a related note, be sure to use reliable “anti-malware” software to fight “malicious software.” Yes, it used to be referred to as “antivirus” software, but “anti-malware” also includes all the other threats that loom in cyberspace, such as spyware, ransomware, worms, rootkits and Trojan horses.

Updated annually, anti-malware software can identify, quarantine, delete and report any suspicious activity. Good cybersecurity software will automatically update itself with protection against the latest threats but don’t forget to renew when it’s time so you’re protected against the latest threats.

Sometimes included in your cybersecurity suite, a virtual private network (VPN) is also a good idea because it conceals your online whereabouts from those who might profit from tracking your activity. A browser’s “Private” or “Incognito” mode isn’t the same thing, as it only wipes your history and cookies clean when you close the browsing session; what you’re doing while online can still be seen by your service provider, the government, advertisers, and malicious types.

And watch out for scams in the form of authentic-looking emails and texts; these “phishing” attempts are meant to “lure” you into giving out personal or financial information, which can be used for identity theft.


4. Lock Your Phone, Set Up Tracking


About 90 per cent of Canadians own a smartphone, which is easy to leave somewhere especially when preoccupied while traveling over the holidays.

If you don’t lock your smartphone with a four- or six-digit PIN code, password, pattern, or biometrics login (like a thumbprint or facial scan), anyone who finds your missing phone, such as in the back of an Uber, can access your information.

Since your phone will require a PIN to access, be sure to keep a digital scan of important documents your passport, vaccine proof and driver’s license just in case you misplace your paper documents. Having a digital copy with you could be a help before getting replacement documentation.

While you’re at it, be sure to link a credit or debit card to your phone, using a free service like Apple Pay or Google Pay. That way, in case you lose your wallet, you can still tap your phone to buy things.

One more phone tip: if you haven’t done so already, be sure to set up your device’s “Find My Phone” feature so you can locate it on a map, if need be. If it’s stolen, never try to retrieve it yourself. Instead, work with the local authorities, just to err on the side of caution. On iPhone, it’s part of the Find My app. For Android, if you’ve added a Google Account to your device, Find My Device is automatically turned on.

You might also consider picking up those trendy trackers (from $39) to help locate missing items, like a purse, luggage, backpack, car keys, or whatever they’re connected to. Simply open the companion app to make the trackers beep loudly and show you where it is on a map.


5. Back-Ups Are a No-Brainer


No one thinks they’ll be hit with a cyberattack, so most of us are reactive rather than proactive when it comes to protection.

But if you’re going to do at least one thing, back up your important computer files on a regular basis just in case.

This can be handled automatically, thanks to the many free scheduled backup programs available today, or manually, where it’s up to you to select which files to backup say, in Windows Explorer (on a PC) or Finder (on a Mac) and then copy them to an external hard drive, USB thumbstick, or perhaps upload to a cloud account (like iCloud, OneDrive, Dropbox, Google Drive, and so on).

As the proverb goes, an ounce of prevention is worth a pound of cure.