Top tips for security‑ and privacy‑enhancing holiday gifts

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny!

Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of cybersecurity and privacy issues today. And now that many of us are working more from home and our personal and work lives have begun to blur, the stakes have raised somewhat. No-one wants to end up in front of HR because their reused passwords were stolen and used to hack a corporate database, for example.

Our personal data is of great value not just to advertisers and data brokers, but even more worryingly, to cybercriminals. Unfortunately, there are many ways for nefarious individuals to get hold of it. They could use phishing attacks to target us directly. They may hide info-stealing malware in mobile apps, gaming torrents or other legitimate-looking software. Or they might use previously breached data to obtain our credentials and hijack our accounts. When it comes to advertisers and data brokers, much of the data slurping and selling is done silently in the background, often thanks to third-party cookies for better ad targeting or user experience.

Understandably, many of us want to mitigate the impact of these threats. So why not give the gift of better security and privacy and help your loves ones make some practical steps towards better protecting their personal information online?

But let’s first mention something that is a must these days and surely you have it covered already: comprehensive security softwareYou know by now that you and your family should use a security solution from a reputable provider on all your devices. Smartphones and tablets – which have been among the most popular holiday tech gifts for a while now – also need comprehensive protection from device-, network-, web- and app-based threats. If a device is connected to the internet, then there’s a possible risk malware could find its way onto it. And once on there, the malware could be used to steal your data, lock down your machine for extortion, or for other nefarious ends.

Now onto a few less obvious ideas for gifts for your relatives – or even for yourself! Admittedly, not all of the below will be the ideal fodder for a traditional Christmas list – not least because some are free to use or difficult to buy or gift-wrap for others – but each is worthy of your attention. Or perhaps just think of it as a list of things to add to your cyber-hygiene practices, on top of these bad security and privacy habits you could consider shedding in the new year?

  • Secure Wi-Fi router: All of us have a wireless router in our homes, but we’re probably using one provided by our ISP. Many of these leave a lot to be desired when it comes to security, for example, not accepting long and strong passwords, failing to notify when critical updates are available, or having ‘things’ like UPnP or WPS enabled. A better option would be to choose a small business router designed for security and if possible, consider setting up a virtual private network on it and so avoid installing a VPN on each device. Which brings us to the next point…
  • Virtual private network (VPN): These handy tools reroute your traffic via a secure encrypted tunnel so that the site you visit can’t identify you. A VPN is useful for enhancing privacy and security – blocking ISPs, government spooks, hackers and advertisers from spying on you – and is particularly important if you’re out and about using public Wi-Fi networks. However, not all VPNs are created equal. Free services may sell your data to make money, while those with servers located in specific countries may pressure the provider to hand over data. Independent research is required to find the right choice.
  • Password manager subscription: Many of us have so many accounts and apps online today that we need to use easy-to-remember passwords, and often share the same credentials across multiple accounts. The problem is that if just one of these ends up in the hands of hackers, it may imperil all of them, as the bad guys can use automated “credential stuffing” tools to try and unlock your other accounts protected with the same password. With a password manager you can easily create and store unique and strong passwords or passphrases for each site. The manager will remember them for you, whereas all you need to remember is a single password called “master password”.
  • 2FA hardware-based key: Two-factor or multi-factor authentication (2FA/MFA) offers protection from password-stealing threats by providing another layer of user authentication. Although dedicated MFA apps can also do this, another option is a physical hardware key like these. After enrolling it in each site you want to use, simply insert the key (usually into a USB port) to log in subsequently. If a criminal doesn’t have your key, they won’t be able to impersonate you.
  • Laptop privacy screen: Hybrid working means more of us will be travelling to the office again. That means more opportunities for shoulder surfers to see what we’re typing on our way to work. A privacy screen is the obvious solution, only letting light filter out from the display at narrow angles, thus reducing the chances of in-person snooping.
  • Webcam coverWebcam hacking, also known as camfecting, isn’t unheard of. Cybercriminals or ‘just’ peeping Toms can hijack other people’s front-facing cameras through various means, including Remote Access Trojans (RATs) or vulnerability exploits. They could then use the stolen material or recordings for fraud or extortion, among other crimes. A sliding webcam cover can, therefore, come in handy. Other simple countermeasures involving placing a piece of tape over the lens when the camera is not in use, or unplugging the camera if it’s an external one.
  • Privacy-enhancing email: Email was not originally built with security in mind. And now there’s a secondary risk: that the providers themselves are snooping on your data to sell to advertisers or share with government agencies. Once again, numerous alternatives to the main players have sprung up in recent years with a focus on security and privacy. That not only means messages are encrypted by default, but the providers make money from premium subscriptions rather than advertising, and are located in a country unlikely to share information with the US authorities if that’s a concern for you.
  • Secure messaging apps: These are unlikely to be on many of our Christmas lists, given that the apps are usually free to use and difficult to gift wrap. But it’s worth checking the one you’re using is optimized for security and privacy and provides end-to-end encryption. That means even if government or law enforcers ordered a provider to turn over customer data, they could not. Ensure the feature is turned on, as it may not always be by default. While you’re at it, consider tweaking the app’s settings further for even better privacy and security.
  • Anti-tracking software: As privacy concerns have grown among the populace, the market has responded with ad and tracking blockers. As the name suggests, they’re designed to protect your browsing activity from unwanted monitoring by ensuring any invasive or potentially malicious ads don’t appear on your screen.
  • Pro-privacy search engine: Major search engine makers generate their profits by selling advertisers access to your search history, so that they can target ads. Many users will be fine with this level of intrusion if it means more relevant ads. For those who aren’t, there are plenty of alternatives now on the market – and they’re free and can, of course, be used from your regular web browser – or even from, for example, the Tor browser if you want to up the ante further.

Let this holiday season be also a time of security and privacy awareness. By taking small steps like those above, we can keep our information safer and make life harder for opportunistic fraudsters.

by Phil Muncaster, ESET


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s