Staying safe online this Christmas

Dec 23, 2021

The Christmas period is almost upon us. One thing is for sure: with the current status of COVID-19 and increasing restrictions, this may well be another Christmas spent at home for many. As a Cyber Security company, we understand there isn’t much we can do to change that. What we can do is help ensure that you keep yourselves safe this holiday period from any nasty, unwanted surprises.


With many organisations opting to allow staff to work remotely, we are also seeing a huge increase in customers doing the same with their Christmas shop. Shopping online can be more convenient, but access to an entire galaxy of online shops, services or platforms can be confusing to navigate, not to mention the different types of threat-actors out there waiting for you to make a mistake! To help with the transition, here are some important (but relatively simple) tips to ensure your data remains your own this holiday season.

HTTPS > HTTP

Hypertext transfer protocol secure (HTTPS) is a protocol used to send data between a web browser and a website. Compared to websites that only use HTTP, HTTPS encrypts transmitted data, increasing the security of data transfer while also protecting the users. This is particularly important when sensitive data is often transmitted, such as by logging into a bank account, email service, or entering your card details into an online checkout service.


All websites should be using HTTPS, especially those that require login credentials. Currently, web browsers such as Google Chrome flag websites that aren’t using HTTPS as non-secure, and these sites should be avoided.


Achieving HTTPS on a website is not a particularly difficult task, so if a service provider is not willing to take the necessary steps to implement the protocol, you as a consumer should think twice about trusting them with your personal data.

What is encryption?

Encryption is a process where inputted data is scrambled (hidden) so that any unauthorised users (threat-actors) cannot access your data. Readable text is altered into incomprehensible text which can only be unscrambled by authorised users who have access to the necessary key. This way, only trusted sources can access the data required and the confidentiality, integrity and availability of data is ensured.

Use a VPN

Speaking of encryption, VPNs (Virtual Private Networks) are an online service used for securing and privatising your internet browsing activities by connecting your device(s) to an encrypted, private network. When using a VPN, anything performed online will first be sent to the VPN’s server, where identifiable details such as your IP address and location will be modified, and your connection will be encrypted. Ultimately, anyone who tries accessing this data will not be able to identify you or any of your personal data.


Typically, VPNs are used by those who want to increase their online privacy by restricting the amount of data that would usually be accessible by their ISP (Internet Service Provider) and by anyone trying to gain access on public Wi-Fi.


If you would like to know more about VPNs, the different types, and their advantages, then please read our dedicated VPN blog.

Don’t use public Wi-Fi

We’ve all been there, out and about, no access to the internet or poor data connection and an increasing urge to look at our emails, check our bank balance or make an online order. Typically, you’d connect to the publicly available Wi-Fi at your convenience, grab your smartphone/laptop and problem solved, right?


The truth is, anything you do on a public network is, well, public! Public Wi-Fi is described as the virtual playground for hackers as they can easily access your data. If you were to do anything such as logging into online banking or emailing customers with personal details, you can be certain that whoever has access to the network also now knows these details too. It is scary to think that something so simple can create so many vulnerabilities.


If you ever find yourself in a similar situation and must connect to public Wi-Fi, then we recommend:


  • Ensure the public network is from a trusted source – threat actors can and will create real-sounding public networks to entice people into connecting to them
  • As mentioned above, only visit websites that are secure – sites with HTTPS are using the latest encryption protocols whereas sites using HTTP are not
  • Make sure that your device is using an optimal firewall
  • Do not communicate sensitive data - If you don’t have access to any tools to keep your data safe, it’s best to stick to low-risk websites and avoid performing any sensitive actions until you can ensure you are safe to do so
  • Do not log into online banking – only use websites for low-risk activities, such as listening to music
  • Use a VPN – connect to an encrypted network and disguise your activity

Be careful about the emails/offers you click on

I’m sure you’ve already noticed the increasing number of emails and SMS messages you receive daily regarding special offers and account troubleshooting. Since COVID-19 we have seen a major increase in the amount of Phishing and Smishing campaigns people are experiencing. In situations like this, threat-actors are preying on vulnerable users and taking advantage of anyone who doesn’t realise they aren’t who they say they are. It’s not always easy to recognise phishing messages, particularly if you are a client of the company from which the message has supposedly been sent.

Identifying social engineering attacks:

  • Even though the ‘From:’ field of the message shows the address of the company, it is not difficult for a criminal to alter the source address of the email in any mail client.
  • The email may have the logos and trademarks of the organization, yet these can easily be lifted from the company’s website
  • The link in the email seems to point to the company’s website, though really it takes you to a fake page which will ask you for your username, password, etc
  • Very often these messages contain spelling or grammatical errors that you would not normally expect in official communications from the genuine company


Another thing to be aware of is that although we normally talk about phishing in the context of banks, cyber criminals often use any popular website or platform (eBay, Facebook, PayPal, etc) as bait for stealing personal data.


No company will ever ask you to send them your personal details over email or text. If they do, be very suspicious!

Use Password Management Software

This may seem like a simple tip, but it may be one of the most important ones so far. The frustrating part about the amount of choice you’ll have online this Christmas is that you will have to sign up for each website, and each one requires a password. Yes, it may be convenient to use the same password everywhere, as you only have to remember that one password. However, if one website were to become compromised, then that threat-actor would have what they need to access every single account that uses the same password.


We always believe something like this wouldn’t ever happen to us, but the fact is, it so easily can. Even if a threat-actor does not act on a stolen password themselves, they could easily sell it to another person who happily will.


A very simple fix is to obtain a password management software package. Password management tools (such as 1Password or LastPass) ensure that users are not storing their passwords on physical devices (which can be accessed by other people) or in their memory (a memorised password will not be a secure one). The passwords for every account you hold can then be managed in the software rather than in your head, on an old spreadsheet or on a piece of paper. All that is required is for you to remember one core master password and the software does the rest.

Password management tools will alert you about repeated passwords while also having tools that can quickly generate and store long, hard to replicate, and secure passwords so you don’t have to constantly create new and secure passwords yourself. These tools are also easily accessible and can be downloaded on devices such as your smartphone if necessary.

Multi Factor Authentication

MFA (Multi-Factor Authentication) is an authorisation method that requires two or more successful prompts to verify a user’s identity. These prompts could be a fingerprint scan, entering a PIN, or even accessing another account such as their email to repeat a specifically generated code. After verifying their identity, staff will only then be given access to their account.

Accounts that require identity authentication reduce the risk of a successful brute force password attack. So, if an attacker successfully guesses the correct password, they still cannot access your account.
