Christmas shopping, e-commerce websites and connected objects: more of a curse than a gift under the tree?

The race to buy Christmas presents has just begun. And for many of you, e-commerce websites will be the first port of call. But you might be getting more than you bargained for: according to a study by the French start-up OZON at the end of 2016, no less than 69% of websites are not protected against cyberattacks. Whether you’re trying to prevent data theft, cyberattacks or malware injections: here are two gift-buying tips to avoid a nasty surprise under the tree.

Make your purchases on a secure website

It might sound obvious, but it’s still very important. Again according to the OZON study (in French), two thirds of all websites may not have HTTPS protection or an SSL certificate.

Google is your friend if you’re looking for a website that offers secure payment. The search engine prioritizes sites with an SSL certificate and those that support the HTTPS protocol when it generates search results, for enhanced online security. Since early 2017, various web browsers now show the warning “non-secure” or show a pictogram identifying websites that do not comply with these rules.


Screenshots of Google Chrome browser

So remember to use a well-known e-commerce site, and check the pictograms.

Pay special attention to connected objects

Drones, voice assistants and other surveillance cameras: connected objects are sure to be popular under this year’s Christmas tree. But when it comes to cyberattacks, the IoT (“Internet of Things”) seems to have a rather shaky approach to security. Could connected objects be a gateway to your networks?

A second study conducted by Digital Security, the first European CERT for the security of connected objects, and published in the summer of 2017, puts the spotlight on the lax security measures implemented by connected object manufacturers. Unsecured updates, use of default passwords, unencrypted data storage or weak communications encryption: the list of most commonly encountered vulnerabilities on connected objects is chilling to say the least. On the other side of the Channel, the British association “Which?” has echoed these fears in a survey published in mid-November denouncing the lack of security in connected objects.

Meanwhile, recent Wi-Fi connection vulnerabilities have been discovered that can further weaken your network. To make sure your purchase is not vulnerable to the WPA2 security weak spot, check when it was last updated. If it predates November 2017, there is little chance that the security patch has been applied. A stuffed animal can transform into a Gremlin very quickly...

Share on

About the author

mm
Matthieu Bonenfant
Chief Marketing Officer, Stormshield

A graduate of Télécom-Lille, Matthieu Bonenfant is a cybersecurity specialist whose career at Netasq began in 2001, as a support engineer. He also served as Product Manager, Head of New Product Introduction, Technical Support Manager, and then Director of Operations and Customer Service. After occupying the position of Business Division Manager at Advens between 2008 and 2013, he returned to Netasq as Product Marketing Director and became Stormshield’s Chief Marketing Officer in 2016.