Tips for Shopping Safely Online

Keeping your data private and secure online comes down to one simple mission: limit your exposure. Limiting your exposure amounts to minimizing the number of sites you trust with your data. Doing so often means resisting the appeal of conveniences that make online shopping even more convenient than it already is.

Remember: convenience is the enemy of security. Think of your data as your home. You could make it very difficult for a thief to invade your home by constructing it with no windows and just one super-thick steel door you have to know a secret code to open. It would be a dreary place and not very cheerful, but at least it would be safe. But suppose you wanted to let some light in, perhaps a lot of light. And you wanted fresh air to come through on a pleasantly breezy day. You’d start replacing stretches of the thick brick walls with windows, and you’d replace that big steel door with a wood one you could open to reveal a screen. The home would be so much easier to live in. It would also be so much easier to attack.

When you agree to a convenience a website offers you, you do much the same thing: you replace walls with windows, doors with screens. These features make for a more pleasant experience … until, of course, you’re robbed.

Convenience is the enemy of security. Resist its appeal. Limit your exposure.

Here’s what that means in everyday practice:

  1. Don’t save your charge card or bank information online. Most websites will offer to save it for you so that you don’t have to re-enter it when you buy from them again. Don’t agree to that.
  2. When given the choice, don’t create an account with an online vendor. Instead, check out your purchases as a guest of the site. That way, you won’t have to log in to the site to make your purchase, which means the vendor will keep less information about you.
  3. Make online purchases only from companies that have established a long track record of selling online securely. Small businesses and mom-and-pop shops are wonderful places from which to purchase goods in person, but they may lack the sophistication to safeguard online purchases sufficiently. Online, stick with the big dogs.
  4. Don’t open new lines of credit, even if they offer financing terms that seem too hard to resist. The more online institutions that have your data, the more ways an attacker can steal your data. Remember: don’t replace walls with windows!
  5. Use a different password for every site you visit. It isn’t so painful to come up with different passwords for every site if you employ some clever way to associate each password with its intended site. For example, you could use the same base password for every site, but add a part that is specific to each that you could easily derive from the site’s address.
  6. Never save your password in your browser. It is extremely – even laughably – easy for someone else who has access to your computer to reveal your previously saved password. Just reenter the password every time you visit the site.
  7. Don’t thoughtlessly click on links in an email or on a website. The text you click on has no defined relationship to the address to which it leads, and so it is very easy for someone to steer you into danger. Always hover over the link (or, on a mobile device, long-click it) to reveal the address. If the address looks funky, do not continue by clicking through to the site.
  8. Do not shop on an open public wi-fi signal. If you have to shop from a cafe or a library, shop from your 4G-connected phone or use your phone’s portable hotspot feature as your wifi signal instead.

Shopping online comes with risks, and you must protect yourself. Fortunately, you can stay safe online simply by not trying to make something that is already so much more convenient than how we shopped ten years ago even more so. Don’t get greedy when it comes to convenience.

Happy shopping!

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *