Article · Nov 19, 2020

Are you giving too much (data) during the holidays?

Holiday time is the season for generous giving. In fact, non-profits expect to raise up to 50% of their annual revenue during the six weeks that constitute the holiday giving season. Giving back to those we love and to the less fortunate is what holiday cheer is all about. But (there’s always a “but”) you may need to be careful about giving away too much over the holidays. We don’t mean controlling how much you spend over the holidays.

What to Know

The holidays are a time for generous giving
There are risks with giving away too much of our data
Cybercriminals can use our generosity against us
There are several best practices we should observe while holiday shopping
You should always use backup to prevent cybercriminals from holding your data hostage

Holiday time is the season for generous giving. In fact, non-profits expect to raise up to 50% of their annual revenue during the six weeks that constitute the holiday giving season. Giving back to those we love and to the less fortunate is what holiday cheer is all about. But (there’s always a “but”) you may need to be careful about giving away too much over the holidays. We don’t mean controlling how much you spend over the holidays. After all, you’re an adult and you know what a healthy spending level is. No, what we’re talking about is giving away too much of your personal data.

Every year, more of us conduct our holiday shopping online. And that was before the global coronavirus curtailed in-person shopping for most of us. Now, with online shopping becoming the norm, it’s up to us to be extra diligent about practicing safe cybersecurity habits. That means being careful to avoid sharing more information than we should and using strong passwords on our favorite holiday shopping sites. It also means applying a heightened level of scrutiny when making charity donations.

Be a Password Scrooge

Almost every online transaction requires you to register for the site, or at least register as a guest user. This typically entails entering your email address and creating a password. Your email address is most likely necessary to confirm your order and send you tracking information. But you’ll also probably be asked to join a mailing list, sign up for a newsletter or agree to receive ongoing promotions.

Remember, you’re not required to do any of these to complete a transaction. If you’re interested in receiving follow-up communications from the seller, by all means, check the box (or leave it pre-checked, if that happens to be the case). But agreeing to receive marketing offers or a newsletter will have zero impact on the merchandise you order or how soon you’ll get it.

Additionally, try to use a unique and complex passphrase when registering for a site, something different from what you use for your important financial and other personal login credentials. A data breach at one e-commerce site can expose other confidential information online if you’re using the same login credentials across multiple sites. If the site gives you the option of enabling multi-factor authentication (MFA), you should take them up on it. MFA requires cybercriminals to have two pieces of evidence to authenticate a login attempt, which is far more secure that just an email address and password.

Beware of Phishing

During the holidays, you can expect numerous follow-up communications from retailers and e-commerce sites where you’ve made holiday purchases. In many cases, you’ll be expecting these emails in your inbox, which means you’re more likely to open an email if it looks like it comes from a store you’ve visited or the banking institution you used to complete a transaction. These follow-up communications are easily spoofed by experienced cybercriminals. If you provide personal information in the course of responding to these malicious attacks, or click on links embedded in these emails, you could be setting yourself up to become a victim of a cyberattack.

Closely inspect follow-up communications from retailers, e-commerce sites and banking institutions. Carefully scrutinize the “from” line and pay attention for unusual website addresses, misspellings and requests for personal information. Don’t click on links or attachments from unfamiliar senders. And be sure you’re using backup to protect your computer files, just in case you accidentally click on a bad link and wind up getting infected with a ransomware virus. With backup, you’ll be able to get copies of your files restored to your machine without paying a ransom.

Hackers can also gain entry to your system using macros, which is a feature of software applications like Microsoft Word and Excel. Macros automate tasks that you perform frequently, saving you time. But some macros can create a security risk. Hackers often introduce macros that can spread a virus on your computer. To prevent this from happening, you should only enable macros on files you can trust. And make sure your computer isn’t set to automatically open macros. You can disable this feature by following these steps:

Go to: File > Options > Trust Center >Trust Center Settings
Choose the Macro Settings tab
Click Disable All Macros Without Notification
Choose OK

Keep in mind that changing the setting in one Microsoft application doesn’t change it in all of them.

Watch for Charity Scams

We all want to spread holiday cheer during the holidays. But no one wants to make an accidental “donation” to a criminal enterprise. Before you make a donation to a charity you want to support, make sure it’s the real thing. The Federal Trade Commission offers tips on how to perform your own due diligence on a charity organization and make sure you’re donating to a worthy cause. Just a few of those tips include:

When you’re considering a charity, search its name plus “complaint,” “review,” “rating” or “scam.” If you find red flags, it might be best to find another organization.
Does the charity’s website give information about how it uses donations or how much of your donation will go directly to support the programs you care about?
Use one of these organizations to help you research charities: BBB Wise Giving Alliance, Charity Navigator, CharityWatch and GuideStar.
See what your state’s charity regulator has to say about the charity. If you don’t know who that is, you can look it up at The National Association of State Charity Officials (NASCO) .
Before you donate, read the article Donating Through an Online Giving Portal, available at FTC.gov/Charity.

Stocking Stuffers

The holidays can be a stressful time of year. One thing that will definitely add to your stress levels is falling for a holiday shopping scam online. Here are a few final tips from the Federal Bureau of Investigation to help you practice safe gift-giving without giving away too much this holiday season:

Always get a tracking number so you can verify items shipped and follow the delivery.
Beware of sellers who seem as if they reside in the U.S. but respond from out of the country for business, family emergency or similar reasons.
Avoid sellers who post under one name but request payment be sent to someone else.
Avoid sellers posing as authorized dealers of popular items in countries where there would be no such dealers.
Check the feedback ratings and peer reviews of any buyer or seller before a transaction.
Avoid buyers who make odd requests to avoid customs or taxes inside another country.
Be suspicious of deals that seem too good to be true.

For more information on how to stay cyber resilient, check out these 6 Tips for a More Cyber-Secure Holiday Season.

Author

Steve Jurczak

Product Copywriter

Steven Jurczak is a Product Copywriter on the Corporate Marketing team at Carbonite. He blogs about backup and recovery technology, information security and IT industry trends.