Skip to main content

Cyber tips to keep the humbugs out of the holiday season

ASU global security strategist offers insight to keep online intruders at bay, and away from your children

Keyboard under green light
December 17, 2015

People buying holiday gifts enjoy the convenience of online shopping, which is projected to reach $83 billion in 2015, an 11 percent increase over last year. But even though online shopping can reduce the stress of going to crowded shops and malls, buying gifts through the Internet does create its own set of concerns — chiefly, the risk of fraud or third-party trackers that monitor our online habits. And with the rise of Wi-Fi-enabled devices it's worth being aware which gifts could transmit your children's personal data or whereabouts. 

Woman wearing a jacket

With that in mind, Jamie Winterton (pictured at left), director of strategic research initiatives with Arizona State University’s Global Security Initiative, offers some timely cyber security tips and strategies for the holiday shopping season and the new year.

Question: What are some easy ways to stay cyber safe while purchasing holiday gifts online?

Answer: There are lots of places to shop online, and every one of them wants you to set up an account. As burdensome as it is, creating a new password for each of those accounts will keep you safer. You can keep them safely organized with secure password management, like LastPass. I also recommend using a credit card instead of debit card for online purchases; this puts one extra safeguard between the online world and your personal bank account.

Q: How can we minimize spreading too much of our personal data online?

A: First, decide what “too much” means to you, and then assume that anything you put online could be publically accessible. Once you know what you do and don’t want to share, you can tailor your online behavior accordingly. It’s easier to think of it from a personal-comfort standpoint than an abstract list of rules that you have to follow. For example, if you like personalized advertising but don’t want people to know your home address, you can focus more on turning off location services when you don’t need them, and less on third-party tracking blockers.

Q: New toys, such as “Hello Barbie,” increasingly connect to the Internet, creating security issues that could expose children’s personal data, or even let hackers eavesdrop on communications between the toy and the cloud server. What can parents do to protect their children’s privacy after buying Internet-connected toys this holiday season?

A: First, consider whether or not the toy really needs to be connected to the Internet. Many toys have an online option, but what does that feature really contribute to your child’s experience? Think about just connecting the device once in a while for software updates, instead of having it hooked up 24/7. 

My other suggestion is to lie! These toys usually ask for a fairly detailed profile of the child. If you decide to connect toys or other ed-tech, consider: Does this item (and the company who produces it) truly need my child’s real name and age? Does it need the names of my child’s friends or pets, or details about my child’s hobbies? Kids' tech encourages so much personal data sharing, but we can’t be confident that this data will be kept secure. At my house, we talk about this as having a “secret identity” online, like a spy. The kids think it’s great.

Q: What are some easy tools shoppers can employ to block malvertisingMalvertising, from the term "malicious advertising," is the use of online advertising to spread malware that could infect your computer. and third-party trackers?

A: The amount of malware found on advertising networks (“malvertising”) has increased sharply over the past year. I use AdBlock Plus to stay safe from ads containing malicious scripts that can either hijack your computer or snoop around your machine. I also use the Ghostery browser extension, because I don’t like third-party trackers profiling my behavior. Those two options are easy to install and provide good protection without affecting my online experience.