Whether hanging stockings, lighting candles on a menorah or gathering for an Airing of Grievances, if you are an IT professional visiting family this season, you will inevitably be asked to fix the family computer, tablet, smartphone or programmable thermostat while you’re there.

As an introvert, I use the hour I might have to spend uninstalling browser toolbars and removing adware to recharge from the intensity of so many people crammed into one place. It’s my own little holiday within a holiday. However, I do wish I could leave my family with a list of things not to do on a computer or tablet.

Fortunately, there’s enough combined internet security brainpower at IBM to create such a list. In fact, we have a handy printable version you can leave with your folks on your next visit.

Online Safety Tips to Fix the Family Computer

At its core, the advice boils down to increasing awareness of your digital surroundings. Here are some examples.

Trust Is Tops

  • Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes and software from well-known sites such as CNet. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
  • Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all. Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinize links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions. When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favorite dessert, favorite song, etc.) and enter answers that only you would know. You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protections if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.
  • Monitor accounts for unusual activity. Be sure to check your accounts frequently, especially during the holiday shopping season. Visit any of the three credit bureaus — Equifax, Experian or TransUnion — to place a fraud alert or freeze on your credit report or to learn more about credit fraud.



Have a Happy, Hack-Free Holiday!

I wish my fellow IT professionals luck this holiday season. Personally, I hope I won’t have to fix the family computer again in 2017. I will, however, commit to fixing the adjustable thermostat, since I’m always the coldest one in the house.

If you’d like to learn more about particular attack vectors, check out the many reports available from the IBM X-Force research hub. And don’t forget to print the handy tips list above to leave with your family!

More from Threat Research

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Defending Education from Cyber Threat Attackers

Threat actors — and particularly ransomware attackers — have education institutions in their crosshairs. From Vice Society’s September attack on schools in California to Snach’s late October assault on schools in Wisconsin, threat actors are not holding back when it comes to preying on schools. K-12 schools are the most vulnerable within the education industry, with many having only small staffs and even smaller budgets for defending against attacks. In addition, attacks have trickle-down effects on school staff, students and…

What Hurricane Preparedness Can Teach Us About Ransomware

Each year between June and November, many parts of the U.S. become potential targets for hurricanes. In October 2022, we had Hurricane Ian devastate Florida. To prepare for natural disasters like hurricanes, organizations are encouraged to build out and test business continuity, disaster recovery, and crisis management plans to use in the response efforts. Millions of dollars each year are spent on natural disaster preparation, but natural disasters are not the only disruption businesses face. While we can’t equate the…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…