Hacked for the Holidays: When You’re Asked to Fix the Family Computer
Whether hanging stockings, lighting candles on a menorah or gathering for an Airing of Grievances, if you are an IT professional visiting family this season, you will inevitably be asked to fix the family computer, tablet, smartphone or programmable thermostat while you’re there.
As an introvert, I use the hour I might have to spend uninstalling browser toolbars and removing adware to recharge from the intensity of so many people crammed into one place. It’s my own little holiday within a holiday. However, I do wish I could leave my family with a list of things not to do on a computer or tablet.
Fortunately, there’s enough combined internet security brainpower at IBM to create such a list. In fact, we have a handy printable version you can leave with your folks on your next visit.
Online Safety Tips to Fix the Family Computer
At its core, the advice boils down to increasing awareness of your digital surroundings. Here are some examples.
Trust Is Tops
- Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes and software from well-known sites such as CNet. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
- Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all. Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
- Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.
Don’t Click That
- Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
- Double-check links. Scrutinize links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.
Protect Your Passwords
- Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
- Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
- Get creative with password reset questions. When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favorite dessert, favorite song, etc.) and enter answers that only you would know. You can also create unique answers to each question and store them securely in a password wallet.
Control Your Credit Cards
- Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protections if your card is compromised and won’t dock your checking account if there’s an issue.
- Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.
- Monitor accounts for unusual activity. Be sure to check your accounts frequently, especially during the holiday shopping season. Visit any of the three credit bureaus — Equifax, Experian or TransUnion — to place a fraud alert or freeze on your credit report or to learn more about credit fraud.
Have a Happy, Hack-Free Holiday!
I wish my fellow IT professionals luck this holiday season. Personally, I hope I won’t have to fix the family computer again in 2017. I will, however, commit to fixing the adjustable thermostat, since I’m always the coldest one in the house.
If you’d like to learn more about particular attack vectors, check out the many reports available from the IBM X-Force research hub. And don’t forget to print the handy tips list above to leave with your family!