8 Cybersecurity Tips for a Secure Online Shopping Experience

Do you prefer to do your Christmas shopping online? Most of us do, but along with the convenience of not having to go into a shop, we all want to make sure our payment and personal info is secure.

With all the hacking, phishing, and information breaches popping up almost daily in the news the past couple of years, it’s become more important than ever to keep our information secure. Companies want to keep your trust, so they are constantly amping up cybersecurity measures so you feel safe using their card, site, service or shop. But it’s also up to you to keep your information secure. So when you’re clicking away on Black Friday and Cyber Monday to cross off the items on your Christmas shopping list, here are some key things to remember for some cybersecurity peace of mind:

1. Use a device you trust

This seems like an obvious one, but only use a computer, tablet, or smartphone that you trust. If any of the above are your personal property, make sure only you have the login for your device or user profile on a shared device. Also make sure to use a network connection that you trust. Don’t enter sensitive account credentials or financial information on a public Wi-Fi connection such as those found in a coffee shop or at a conference. University of Victoria users can use the VPN service to secure their connection, even on public Wi-Fi.

Did you know? Since the breach-tracking site Have I Been Pwned launched in 2013, it has catalogued over 5 billion compromised online accounts across 325 data breaches. [1]

2. Keep your browser up to date

This is important because the newest version of your browser will have the most up-to-date security features for your internet browsing and online shopping experience. To check that your browser is up to date, you will need to visit your settings.

Did you know? The supported browsers on campus are IE, Chrome, and Safari on Mac computers.

If you’re a Chrome user, the Settings button is in the upper right corner, usually shown as an ellipsis (…), but it will be an arrow if the browser needs to be updated. Once the update is done, Chrome asks to relaunch and off you go. When using Safari or Chrome on your iPhone, you might have auto-updates happening in the background, or you can update these manually in your Settings.

3. Know what you’re clicking

Phishing is a common online scam designed to trick you into revealing sensitive personal information (e.g. passwords, credit card numbers, your SIN) that is then used for fraud or identity theft. Phishing typically takes the form of an email message that appears to come from a trusted organization (e.g. your bank, your school, a shop you enjoy), but is actually from the identity thieves. It is intentionally difficult to tell the difference between a legitimate message and a phishing message.[2]

Cyber Tip: Hover your mouse over the email address it was sent from, or over the linked text. If it looks phishy, don’t click it. You also shouldn’t have to click to use a promo code. Don’t be click bait!

For more information on how to avoid phishing, visit UVic.ca’s ’10 Ways to Spot a Phish’ and enrol in University Systems’ phishing awareness training course.

4. Make sure sites are secure and encrypted

You might wonder what the little lock next to your URL bar means. In the case of most modern browsers, it means your connection is secure, the website is verified (certificate valid), and what you send and receive from the website is encrypted. If you click on the lock you will get more info on the site and can deep dive as much as you need/want to.

The symbols Chrome uses to show URL security are:

 

Information obtained from the Chrome support site. For more information on web security within Chrome, click here.

5. Be aware of where you enter your payment info

This is a long one. Stay with me. It’s important.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was created and is enforced by the major credit card institutions to protect their customers’ information. The standard applies to companies of any size that accept credit card payments. If a company intends to accept card payment, and store, process and transmit cardholder data, they need to securely host customer data with a PCI compliant hosting provider. For more info, visit the PCI website.

What this means to you as a customer

In terms of e-commerce, if a site is accepting your credit card info directly, they have likely jumped through all the PCI hoops in order to be able to do this and/or are powered by Moneris, Ingenico, or another approved third party payment provider. (You may also need to log in to Verified by Visa or Mastercard SecureCode.) If a site gives you the option (or the only option is) to pay via an approved third party site like PayPal or GPay, they still need to be PCI compliant, but they are not accepting payment directly from you. They have a contract with the trusted third party.

Cyber Tip: A company is NOT ALLOWED to directly store your payment info for recurring billing unless they have the appropriate level of PCI certification.

Many sites use Shopify as their e-commerce platform, and I like this particular option because Shopify will text you a code that you have to input before it will let you carry forward with your transaction. This practice is called Multi-Factor Authentication.

When you are on a site, you want to see any or all listed as forms of accepted payment – these are often shown at the bottom of the page. Some will also say “Powered by:” whoever their secure third party payment provider is at the bottom of the page.

In summary

Sites must use an authorized third party payment provider. And while it’s a bit of a pain to do the extra steps, it’s worth it for the peace of mind of a secure transaction. Basically, if the site is secure and you had to take a bit longer than you would have liked for your transaction, you can feel good about the security of your information.

6. Don’t share your passwords

Another obvious one, but for real, don’t. It’s also not a great idea to be saving your passwords in a spreadsheet or on a browser. (But I really should be using KeePass. See #7.) For information on using KeePass at UVic, please see the University Systems website.

7. Log out and close your browser

Yes, this is annoying. But it’s worth the annoyance for keeping your information safe.

A good and secure way to store passwords is via a free password management program called KeePass. We use this in the University Systems General Office and it is OSI certified. More info on Open Source software certification can be found at https://opensource.org/.

8. Use antivirus software

A good antivirus, network threat protection, firewall, and real-time threat protection software can help ensure that your trusted computer is not harbouring malicious software designed to capture your payment information or account details. University Systems recommends Symantec Endpoint Protection. This is installed on computers supported by University Systems and also available for use at home at no cost! For more information, refer to our website.

Click with confidence and feel secure this holiday season!

“Technology trust is a good thing, but control is a better one.”

~ Stéphane Nappo

_____________________________________

Yasmine Hardcastle is the Executive Assistant to the CIO of UVic, working in the General Office for University Systems. She is pleased to be working within a department of technologically inclined individuals, as they provide amazing insight and support in her work days. Outside of work, Yasmine is a freelance writer, blogger, and a certified yoga and pilates teacher. She is passionate about wellness, Earl Grey tea, and living like a local when she travels. Having recently moved to Victoria, she enjoys exploring her new hometown with her ex-pat partner, the Brit.

 

 

[1] https://haveibeenpwned.com/

[2] Definition from UVic.ca