Don’t Get “Cyber-Scrooged”: Take Precautions When Holiday Shopping Online

As a provider of outsourced HR services, C2 often communicates with or transmits information between clients and vendors. We take great care to ensure that our electronic communications, online portals, websites, software, etc. are extremely secure. C2 is certainly not alone. Many businesses today employ robust software to scan their servers and computers for malware and viruses, utilize Virtual Private Networks (VPNs), and use encrypted messaging and other security protocols to help ensure that their business and their clients’ activities remain secure – and yet online hackers still sometimes get around those measures. As individuals, when we shop online, we are often too quick to give out credit card information, names and addresses, and even birthdates or bank account numbers without much security – certainly not the same robust security utilized by much of the business community.

The holidays are the perfect season for scammers and hackers to try to steal credit card, bank account, or personal identifying information. While not everybody may be able to afford “state of the art” security protocols for every internet purchase this holiday season, there are some easy, inexpensive steps that you can take to help ensure that your online holiday shopping doesn’t lead to fraudulent purchases or identity theft by online hackers looking for easy victims.

A. For Individual Online Shoppers

Here are several practical tips to help protect your personal information and online shopping transactions:

Use Credit, not Debit Cards – Although they may look the same, credit and debit cards are vastly different. Debit cards are linked to your personal checking account, and all purchases using debit cards come directly out of your bank account. Credit cards are not tied to your personal checking account, but rather to a “line of credit” of a certain amount that you can use to make purchases and pay for later. Credit cards have better built-in fraud protections and do not allow hackers access to your personal bank accounts. Using a credit card with a small limit for your online purchases can also help limit your financial exposure in the event your account information is stolen.

Avoid Using Public Wi-Fi – Online shopping or banking activity should never be conducted over a publicly available Wi-Fi network. In other words, don’t do your online shopping or banking while sitting at Starbucks or in the waiting room of your doctor’s office. Use a private network that is also password protected (e.g., your home Wi-Fi network). Connecting to the internet using a personal VPN is also a good idea, even when logged in at home. The VPN allows you to browse the web almost anonymously, hiding your true location and protecting you from snooping by potential hackers.

Update Passwords Regularly – These days, it seems almost every website requires a username and password. Resist the temptation to utilize a default password (or some derivative of that root password) for most of the shopping sites that you frequent. Instead, create unique passwords for each website…and then go back and change them periodically. The last thing that you want is for a hacker to get your Amazon password and then be able to log in to twenty different websites as you using that same password! Online accounts for credit cards, banks, mortgage companies, utilities, and even email are common hacking targets, so take special care to diversify those passwords and change them frequently.

Software and Antivirus Updates – Operating system updates and antivirus definitions should be installed as soon as you receive them. Your operating system and antivirus software routinely update protections to combat new and emerging cyber threats. If you shop online using your phone, make sure you also download antivirus software for your phone. In some ways, your phone is even more vulnerable to hacking than your desktop or laptop.

Beware of Phishing Scams – This time of year, e-mail inboxes get flooded with holiday offers for goods and services. Many of those offers are legitimate; some, however, are not. Avoid opening e-mail attachments and clicking on links embedded in e-mails from senders that you do not recognize. Often the fraudulent attachments or links contain malicious content that can infect your computer or cell phone and steal information you have stored on the device (e.g., passwords, contacts, apps, photos, etc.). Also, be suspicious of e-mails or phone calls requesting that you verify account information, such as login IDs, passwords, account numbers, etc. Legitimate businesses almost never call or e-mail you directly for this information. When in doubt, delete the e-mail or call the company yourself to find out if the inquiry is legitimate.

B. Tips for Merchants and Businesses

Businesses that process credit card payments online (e.g., Amazon, Netflix) are always targets for hackers. But any business that utilizes e-mail and the internet to conduct business (even if it doesn’t process credit card purchases) is at risk of having the company’s or its clients’ information stolen and should take some common-sense precautions, especially around the holidays when hackers are the most active.

Firewalls and Intrusion Prevention – Any business that utilizes websites or portals where clients or the public can access information about the company should use a firewall and a properly configured and monitored intrusion prevention and/or detection system. These make a hacker’s job far more difficult when trying to gain unauthorized access to your website, software, or web portals.

Remote Access – Allowing remote access into your company’s network should be limited, secured, and monitored for unusual activity. Make sure employees who have remote access are logging in through a secure VPN and from devices (laptop, phone, tablet, etc.) that meet the company’s security protocols.

Network Segmentation – Segregate any credit card payment processing from other network applications, such as e-mail, forms databases, or other company or client-related information. Proper network segmentation and segregation can help lessen the loss of information should a hacker gain access to part of your network.

Beware of E-Skimming – E-skimming is a fraud technique where hackers introduce malicious code on e-commerce credit card processing web pages to capture card and personally identifiable information and send the data to another domain that the hackers control. Some precautionary measures that companies can take include:

  • Regularly update all system and payment software
  • Implement software code integrity checks
  • Monitor and analyze web logs for irregularities
  • Install all recommended patches from your payment vendors
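
As an added illustration of the code integrity check listed above (not code from C2 or any payment vendor), the Node.js script below compares the scripts on a checkout page against an approved baseline and reports any script served from an unapproved host, missing or carrying a changed integrity value, or altered inline. The host names, script bodies and baseline layout are constructed assumptions.

```javascript
// Added example: audit the <script> tags of a checkout page against a baseline.
const crypto = require("crypto");

// SRI-style digest of a script body, in the form used by integrity="..."
function sriHash(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

// Pull out each <script> tag with a simple regex; adequate for auditing your
// own templates, not a general-purpose HTML parser.
function extractScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    const integrity = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    out.push({ src: src ? src[1] : null, integrity: integrity ? integrity[1] : null, body: m[2] });
  }
  return out;
}

// Report every script that is not covered by the approved baseline.
function auditCheckoutPage(html, pageOrigin, baseline) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      const host = new URL(s.src, pageOrigin).host;
      if (!baseline.allowedHosts.includes(host)) findings.push(`unapproved script host: ${host}`);
      else if (!s.integrity) findings.push(`missing integrity attribute: ${s.src}`);
      else if (baseline.externalHashes[s.src] !== s.integrity) findings.push(`integrity mismatch: ${s.src}`);
    } else if (!baseline.inlineHashes.includes(sriHash(s.body))) {
      findings.push(`unknown inline script: ${sriHash(s.body).slice(0, 20)}...`);
    }
  }
  return findings;
}

// Constructed sample data: hosts, paths and script bodies are placeholders.
const INLINE = "initCheckout();";
const SDK_SRI = sriHash("/* constructed vendor SDK body */");
const BASELINE = {
  allowedHosts: ["shop.example", "pay.vendor.example"],
  externalHashes: { "https://pay.vendor.example/sdk.js": SDK_SRI },
  inlineHashes: [sriHash(INLINE)],
};
const CLEAN_PAGE = `<script src="https://pay.vendor.example/sdk.js" integrity="${SDK_SRI}"></script><script>${INLINE}</script>`;
const TAMPERED_PAGE = CLEAN_PAGE + `<script src="https://stats.unknown.invalid/a.js"></script><script>${INLINE}//changed</script>`;
console.log(auditCheckoutPage(TAMPERED_PAGE, "https://shop.example", BASELINE));
```

Running a check like this on a schedule against the live checkout page, and alerting on any finding, also gives the web log review a concrete signal to correlate with.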

C. Conclusion

In today’s technology-driven world, making purchases online for goods and services has become the “norm” for individuals and businesses alike. The convenience factor is impossible to beat, but there are individuals with malicious intent ready to take advantage – particularly around the holidays. While there is no foolproof way to avoid an unscrupulous hacker, make it difficult for them. Be vigilant with your personal and credit card information, and take common-sense precautions when making online purchases or when providing web-based services to the public or your company’s clients.


C2 provides strategic HR outsourcing to clients who want to develop optimal workforce strategies and solutions to allow them to be more competitive and profitable. C2 blog posts are intended for educational and informational purposes only.