The race to buy Christmas presents has just begun. And for many of you, e-commerce websites will be the first port of call. But you might be getting more than you bargained for: according to a study by the French start-up OZON at the end of 2016, no less than 69% of websites are not protected against cyberattacks. Whether you’re trying to prevent data theft, cyberattacks or malware injections: here are two gift-buying tips to avoid a nasty surprise under the tree.
Make your purchases on a secure website
It might sound obvious, but it’s still very important. Again according to the OZON study (in French), two thirds of all websites may not have HTTPS protection or an SSL certificate.
Google is your friend if you’re looking for a website that offers secure payment. The search engine prioritizes sites with an SSL certificate and those that support the HTTPS protocol when it generates search results, for enhanced online security. Since early 2017, various web browsers now show the warning “non-secure” or show a pictogram identifying websites that do not comply with these rules.
Screenshots of Google Chrome browser
So remember to use a well-known e-commerce site, and check the pictograms.
Pay special attention to connected objects
Drones, voice assistants and other surveillance cameras: connected objects are sure to be popular under this year’s Christmas tree. But when it comes to cyberattacks, the IoT (“Internet of Things”) seems to have a rather shaky approach to security. Could connected objects be a gateway to your networks?
A second study conducted by Digital Security, the first European CERT for the security of connected objects, and published in the summer of 2017, puts the spotlight on the lax security measures implemented by connected object manufacturers. Unsecured updates, use of default passwords, unencrypted data storage or weak communications encryption: the list of most commonly encountered vulnerabilities on connected objects is chilling to say the least. On the other side of the Channel, the British association “Which?” has echoed these fears in a survey published in mid-November denouncing the lack of security in connected objects.
Meanwhile, recent Wi-Fi connection vulnerabilities have been discovered that can further weaken your network. To make sure your purchase is not vulnerable to the WPA2 security weak spot, check when it was last updated. If it predates November 2017, there is little chance that the security patch has been applied. A stuffed animal can transform into a Gremlin very quickly...