CISO Corner: Getting a Foot Up With Online Shopping

Thanks to our guest author this month – Kelly Hamill.

This time last year, I was an occasional online shopper. Yes, there were lots of packages that arrived at my home, but they were usually for my daughter. Then I broke my foot seven weeks before Christmas (dogs were involved, in case you were wondering). E-commerce quickly became a necessity for all my holiday shopping. I kept to pretty traditional websites – Toys R Us, Amazon, and a few well-known clothing outlets – and Online shopping worked really well. Just when I was becoming more mobile, and less fearful of the ice and snow, the pandemic arrived. Non-essential businesses closed their doors, social distancing became a thing, and grocery shopping was quickly added to my list of online activities.

As we continue to follow health guidelines and stay home as much as possible, online shopping is becoming the go-to. In addition to the well-known websites, many smaller merchants have now gone online and it has become more important to support local businesses. Local businesses don’t always deliver, but they may offer online ordering and curb-side pick-up.

There are risks to shopping online. Clicking on a malicious link can infect your machine. Your credentials may be stolen. The site might be fake and take your payment without providing the merchandise. So, what can you do to protect yourself while shopping online? Here are some tips to keep in mind:

• – Shop at trusted sites. Online stores that also have a brick-and-mortar location are usually a safe bet. If you aren’t familiar with an online site, spend a few minutes doing a background check and checking their return policy. If you can’t find reliable, favourable reviews, don’t order from it.

• – Too good to be true? Possibly. Deals that offer really low prices just might be fake news. They may be trying to scam you or lead you to malware.

• – Never share your credit card information on a site that is not secure. Look for a URL that starts with the https instead of http and displays a lock to the left of the URL.

• – Use a credit card for online purchases. Credit cards have fraud protection; if you use a debit card and your card is compromised, the bad guys have access to your bank account.

• – Don’t provide more information than necessary. An online retailer does need your credit card information if you make a purchase. They do not need your Social Security/ Insurance Number.

• – Password, password, password. Create unique passwords for each site. If your credentials are stolen from one site, all your other accounts won’t be compromised.

• – Check your statements and accounts regularly. If you notice any records that you don’t recognize, contact your credit card company or bank immediately. In fact, many credit card sites provide you with the option to receive a text or email whenever your card is used.

• – Be wary of pop-ups. They may be a lure into scams and malware.

Being aware and thoughtful, with a good measure of caution, can go a long way to a successful shopping trip without leaving the comfort of your home.

Have fun shopping, and stay cyber-safe!

Kelly Hamill

Risk, Security & Privacy Consultant