Cyber Monday Tips from a Cyber Security Guru
November 25, 2020
by Randy Boyle, PhD, Weber State University, professor, management information systems
Most retailers make 20 to 30% of their annual revenues between Thanksgiving and Christmas. Most of these are online purchases made using payment cards. This year, COVID-19 has boosted online purchases. Amazon’s quarterly net income doubled this year ($5.2 billion) due to a surge in online shopping. And it’s not just Amazon. Other online retailers have seen similar jumps in online sales. But are online sales secure? Is your information being protected after your purchase? Could hackers take advantage of this surge in online sales? Like most real-world questions, the answer is yes and no.
The transfer of your information to the online retailer is secure. The connection is encrypted and not something to worry about. That’s not when your personal information is stolen. It’s stolen after you make the purchase. In some cases, your information is stolen during the purchase when your payment card is being processed.
DATA BREACHES
First, the frequency and size of data breaches has exploded over the past 10 years. Companies have moved their systems and data to the cloud… and hackers know this. Companies moved to the cloud to reduce costs (which has happened), but the downside of this shift to the cloud is that it has become easier for hackers to steal customer data. Nearly every major company has experienced a data breach in the past 10 years. They’re losing hundreds of millions of customer records at a time. It’s a data loss epidemic.
Six Insider Tips to Help You Protect Yourself:
A few practical changes can really help you be more secure when shopping online.
- Shop from reputable online retailers. Amazon goes to great lengths to protect your data. They have large Cyber Security budgets, they hire highly qualified Cyber Security professionals to protect your data, they’re audited regularly, and they have a reputation to protect. Walmart, Target, eBay, Home Depot, etc. are also good options. You just want to avoid the unknown online retailer you randomly found on the Internet. If you want to support small businesses, which I fully support, then buy from a local retailer at a physical store.
- If you are purchasing locally, try to buy from retailers that use chip payment card readers. Avoid retailers that use the older swipe card readers.
- Don’t give out your real information. There’s no law that says you have to give anyone your real email address, phone number, password, etc. In fact, you shouldn’t be giving out your real information to anyone you don’t trust. You should have a “dumper” email address, password, and phone number that you can give out to anyone.
My dumper password is “thales.” I give it out to anyone that asks for it. That’s its purpose. See, now you have it. But I don’t use that password for anything else. It’s just for websites or companies that I don’t value, or I don’t trust. My real passwords are much more complex, and have absolutely nothing to do with my “dumper” password. I also have a dumper email address, which I really never check. I also have a Google Voice number that I give out to people that absolutely must have my number. I use it to call out at work, but it rarely gets answered otherwise. The voicemails are automatically translated into text that I can read later. They’re hilarious.
If someone is going to steal your information, make sure they steal fake information. Don’t give untrustworthy people your real information. A marine once told me his motto was, “In God we trust, everyone else keep your hands where we can see them.” Don’t trust online retailers easily or quickly. Reputable companies, fine, use your real email address. Everyone else… dumpers.
- Don’t click on advertisements, coupons, specials, or mega-super-awesome deals that come via email or social media post. Fraudulent emails are easy to craft, and pretty effective. I get a couple fraudulent emails each week. If you see a special offer, type in the URL directly and search for the product on the official website. Don’t click on links. They don’t necessarily go to the real website.
- Personally, I call my bank after our holiday shopping is completed and tell them our credit cards might be stolen. I ask for new cards. I just expect my credit card information to be stolen. I study data breaches and see billions of user accounts stolen each year. Statistically, somebody is going to lose my data. And they do, multiple times each year. I’ve checked (haveibeenpwned.com). My information has been lost in dozens and dozens of data breaches. I get new credit cards for the same reason I get a flu shot. Preventive medicine.
If you only use payment cards with chips for every purchase (inserted into the machine), then you don’t need to get new payment cards. If used at a local retailer, inserted into a physical card reader, you’re fine. But if you are still swiping your card or entering your card information online, then your card information can be stolen.
- If possible, use your credit card, not your debit card. Maximum losses for fraudulent charges on your credit card are $50 (Fair Credit Billing Act). Losses on your debit card could drain your account to zero.
ABOUT THE AUTHOR
Randall J. Boyle is an associate professor at Weber State University in the Goddard School of Business & Economics. He received his PhD in management information systems from Florida State University in 2003. He also has a master's degree in public administration and a BS in finance. His research areas include deception detection in computer-mediated environments, secure information systems, the effects of IT on cognitive biases, the effects of IT on knowledge workers and e-commerce.
Boyle has published in several academic journals such as Decision Support Systems, Journal of Management Information Systems, Journal of Computer Information Systems, and Journal of International Technology and Information Management. He has authored several books including Using MIS, Experiencing MIS, Corporate Computer and Network Security, Applied Information Security, and Applied Networking Labs.
Boyle has received university teaching awards at Weber State University, Longwood University, University of Utah, and University of Alabama in Huntsville. He has taught a wide variety of classes, including Cyber Security, Advanced Cyber Security, Telecommunications, Networking & Servers, System Analysis and Design, Decision Support Systems, Web Servers and Introduction to MIS.