Sign In

Security Awareness

Breaking News

Security tips for the holiday season

​As we enter the busy holiday season – which includes travel for many people – our information security team offers important reminders of how we can best protect ourselves, the Society, and the sensitive information and transactions we deal with every day. 

1: Update your devices’ operating systems and software.

Before you travel, make sure your smartphone and computer operating systems and software are up-to-date.

2: Take only what you need.

Do you really need to pack 15 different electronic devices? The more devices you take, the more you’ll have to keep safe from hacking, theft, or accidents.

3: Lock down your devices.

Make sure that all the devices you take on a trip are protected with strong passwords, and/or a biometric lock, and disable any file-sharing capabilities. Avoid taking devices that contain sensitive data. If you cannot avoid traveling with a device that contains sensitive data, consider encrypting it using encryption software.

4: Use caution on public wi-fi.

Many airports, hotels, and restaurants offer free, unsecured public wi-fi, which poses a multitude of cyber security risks. Avoid using these networks. Tethering to your phone is a much safer option. If you absolutely must connect to a public wi-fi network, follow these best practices.

5: Don’t leave devices unattended.

Lock up any devices you leave in hotel rooms, and never leave your devices unattended in public areas, not even for a moment. For example, never set your phone down on a counter while you reach into your purse or wallet. When using your devices in public areas – especially crowded ones – conceal your devices as much as possible. Keep them tucked inside interior pockets or hidden inside zippered bags, and make sure those bags never leave your possession.

6: Don’t share your current location on social media.

Many social media sites have an option to “check in” to your current locale so your followers can track you on your trip. The downside of this feature is, hackers can also track your movements and use them to their advantage. For example, they can break into your home, office, or hotel room when they know you’re not there. It’s best to turn off this feature and maybe post where you’ve been after you’ve already returned home.

7: Don’t share your phone with strangers.

While traveling (or really any day), you may be approached by strangers with sob stories about losing their phone (or having it stolen) and needing to borrow yours to call for help. Never let strangers “borrow” your phone or any other device. It takes only a few moments for a skilled cybercriminal to install malware on your device – or simply to run away and disappear into a crowd.

8: Don’t use Bluetooth.

Many rental cars allow travelers to connect their smartphones using Bluetooth. However, some vehicles store your personal information, such as your contact list, even after you’ve terminated the connection. Enabling Bluetooth connectivity also leaves your device vulnerable to hackers. Turn off Bluetooth before you leave for your trip, and don’t turn it back on until you get home.

9: Turn off network auto-connect.

Many smartphones include a feature that enables them to automatically connect to available wi-fi networks. It’s good practice to turn off this feature, not only when you travel but permanently. Telling your phone to automatically connect to any available network leaves you vulnerable to man-in-the-middle attacks.

10: Use credit cards, not debit cards.

Always use a credit card, not a debit card, when paying for hotel rooms or meals or making any other purchases on the road. Point-of-sale systems are major targets for hackers, and if your credit card data is stolen, you have far more recourse to get fraudulent charges refunded than you do with a debit card. This also prevents hackers from getting access to your bank account. 

  • How to guard against cyber attacks

    Read on for some good rules to follow and solid habits to develop to ensure that you surf online more safely and securely.

    • Avoid public or free Wi-Fi. Attackers often use wireless "sniffers" to steal users' information as it is sent over unprotected networks. The best way to protect yourself from this is to avoid using these networks altogether. A more secure alternative may be using your smartphone to set up a personal hotspot, using a strong password.
    • Ensure the sites you use to access personal and financial information use HTTPS protocols. Check for an "https:" or a padlock icon in your browser's URL bar to verify that the communication between your computer or mobile device is secure before entering any personal or financial information (on banking or travel sites, for example). The "s" in "https" stands for secure, meaning that the website employs SSL encryption for data in transit.
    • Regularly monitor your bank statements. Keep a watchful eye on your credit card and banking statements, so you can react quickly if one of your accounts is compromised.
    • Read those privacy policies and terms of service. Websites' privacy policies and user agreements should provide details on how your information is being collected, used, and protected, as well as how that site tracks your online activity. For example, will the company share your data with third parties? What happens to your data if you delete your account? You should avoid sharing information or creating accounts on websites that do not provide this information in their policies.
    • Disable passwords stored in your browser. Nearly all browsers offer to remember your passwords for websites to make it easier to log in again in the future. However, enabling this feature stores your passwords in one location on your computer, which makes it easier for an attacker to discover a list of your passwords if your system is compromised. If you have saved passwords in your browser, you are encouraged to disable that feature and clear any stored passwords using these instructions for each major browser. Secure password managers like LastPass and Dashlane are a more secure option for managing your strong online passwords. At home, your internet service provider may give you access to Norton or McAfee suites, which also feature secure password managers.
    • Beware of pop-ups or pages that prompt you to click a link and run software. Malicious websites can create prompts that look like messages from your browser or computer. These message pop-ups try to short-circuit your logic and make you panic, like with huge WARNING signs or statements like YOUR COMPUTER HAS A VIRUS. If you see a pop-up you think is risky, go with your gut. Immediately close out of the browser (Ctrl + W keys) without clicking on any OK buttons or links. Your IT department manages the programs necessary to protect your work computer, so no other software or scans are needed.
    • Watch for shortened URLs and numbers, hyphens, or special characters in a URL. As you learned in the Safer Web Browsing course, remember that hackers use legitimate-looking topics and manipulate URLs to trick you into clicking. Be wary of shortened URLs (services like TinyURL and Bitly), all URLs posted in Facebook and other social media sites, as well as those sent via email. Before you click, hover over and scrutinize each URL to make sure you will be taken to a legitimate website. You can even use a search engine to identify the actual URL for this company or website.

    These healthy habits can help you use online resources more safely and securely. Safer surfing helps to protect the Society – including its staff, investors, data, and mission – against cyberattacks and other online threats. 

back to top