
Our 12 tips for staying safe online this Christmas

How to focus on family, food and fun over Christmas, rather than dealing with a credit card crisis or a ransomware attack.

Here are 12 cybersecurity tips to help you focus on family, food and fun over Christmas, rather than dealing with the headache of stolen credit card details or important documents lost to ransomware.

1. Clean up your passwords

Don’t use the same password on more than one website. If the crooks get one password, they’ll immediately try it on all your other accounts.

Make your passwords as long and complex as you can; in fact, consider using a password manager, which will come up with a unique password for each website automatically.

COOL VIDEO: How to pick a proper password ►

2. Update your devices

When patches come out, most of them fix security holes that the crooks either already know about or will find out about soon.

Don’t put off security updates because “later will be fine”. Follow our advice: patch early, patch often.

REAL-WORLD SECURITY: When patching your phone really matters ►

3. Back up your files

Whether you’re taking your laptop on holiday, or staying at home with your faithful desktop this festive season, don’t forget to back up your precious documents on all of your devices.

That way if your files are lost, stolen, “reconfigured” by a teenaged “expert”, or, worst of all, held for extortion by ransomware, you can still get your data back.

FREE GUIDE: How to stay protected against ransomware ►

4. Watch out for booby-trapped ATMs when out shopping

Watch out for modified ATMs when you withdraw money. Crooks often glue fake parts onto or around ATMs in the hope of covertly reading both your card data and your PIN.

If you see an ATM with any components that look as though they don’t belong, report it to the bank and the police. That way you protect yourself and everyone else too.

REAL-WORLD SECURITY: Grab hold of the ATM and give it a wiggle (really!) ►

5. Beware of login links in emails

When an email urges you to click on a link to log in to your account and change your password, or something similar, it’s probably crooks trying to phish you onto a fake site. The fake will look exactly like the real thing, except that the crooks get your password, not the real website.

If you want to check a transaction on one of your accounts, open your browser and browse to the website yourself.

REAL-WORLD CRIME: Anatomy of an iTunes phish ►

6. Look for the padlock in the URL bar when shopping online

A padlock in the address bar and a URL that starts with “HTTPS” means the website uses an encrypted or secure connection.

All major websites, not just financial institutions, use HTTPS these days, so if you see a site that’s asking for personal information but doesn’t have the padlock, you can be sure it’s a fake.

REAL-WORLD SECURITY: How your browser padlock works ►

7. Watch out for bogus courier emails

At Christmas time, you may very well get products delivered to your home, so you’ll be expecting a visit from a courier company. Crooks know this and send fake emails about bogus delivery problems, hoping to draw you into their web.

If you want to contact a courier company to check on a delivery, look up their phone number or email address yourself – don’t use any links or information from an email.

REAL-WORLD CRIME: A courier scam that foisted malware onto Mac users ►

8. Don’t email your credit card details

Sometimes you’ll try to buy that special gift for Christmas, but your credit card won’t go through. In perfectly good faith, the seller may ask you to email through your card details to try again later.

But that email could end up in the hands of cybercrooks, even if the seller handles it with care once they’ve received it. Remember: if in doubt, don’t give it out!

REAL-WORLD CRIME: How card data gets bought and sold ►

9. Turn off Flash on your devices

Want to do one single, simple thing to improve your security, now and forever? Turn off Flash, or uninstall it altogether if you can.

Booby-trapped Flash files are still a popular way of spreading malware, and with fewer and fewer sites actually requiring Flash, it’s safer to do without it altogether.

LEARN MORE: See why crooks love Flash, and learn how to turn it off ►

10. Change default passwords before using new home video devices

Whether it’s a new baby monitor, home surveillance system, or any other internet-enabled camera, it probably has a default password.

If you don’t change the password then you are making it easy for a cybercriminal to hack in and watch whatever you’re filming. That could be you, your house, your baby, or something else that you’d prefer to keep away from prying eyes.

REAL-WORLD SECURITY: Why the FBI director puts tape over his webcam ►

11. Think before you share on social media

Maybe it sounds obvious, but oversharing on social media is a bad idea, and there is no better time to remind you of this than the party season.

Whether it’s photos of other people, your credit card details, the fact that you’re HOLDING A REALLY AMAZING PARTY ON FRIDAY NIGHT or anything else, stop and think before you share. Once you post it, you’ll never be able to take it back.

THOUGHTLESS SHARING: ‘Creep’ shamed online was merely taking selfie with Darth Vader ►

12. Upgrade the software on new devices before using them

Even “new” computers and hardware devices usually need updates right away. After all, between when they were made and when you first use them, the crooks have had time to find new security holes to attack.

If you want to protect your new devices, always patch before using them, even if it’s Christmas Day and you’re dying to try out your brand new present.

REAL-WORLD SECURITY: The Netgear router bug that needs patching ►

13. Free bonus tip!

Finally, make sure your computers at home are secure. Sophos Home is free and allows you to protect up to 10 Windows and Mac computers from malware, ransomware, phishing and more.

You can have different settings for adults and kids, and the web filter lets you block ads. It’s an easy-to-use solution that takes minutes to download and get started.

Next year…

Remember, when 2017 comes around, all of these tips will still be valid.

In other words, as much as we’re urging you not to let your computer security guard down over the Christmas season, we’re also encouraging you to keep your security guard up every day.

Cybersecurity is for life, not just for Christmas.


Funny, I must be reading NS too much. Last week my boss asked me to create a podcast for security tips for staff and customers. I got 11 out of the 13, missed: https and emailing credit card etc. numbers. (Although I can’t imagine why anyone would send personal information on what amounts to an electronic postcard.) I’ll add them today. Thanks Paul, have a good holiday.


Paul, I really love and enjoy reading posts on Naked Security from you. I like your in-depth descriptions on computer security and end users. It’s fun to read. Thanks for the good work you are putting forward to the end user community, though many really never take it seriously like we who know the crazy behind the wires. What more can be done, not sure, but just saying out the same thing over and over and over… hoping they understand.

Happy holiday Paul.


Thanks for your kind words, they are much appreciated.

Have a great Christmas and New Year yourself. (I was going to say “I can’t believe it’s nearly 2017”, but given that I have a calendar in front of me, that’s not strictly true :-)


Sophos 2017 should be amazing. Just keep bringing the articles about people getting arrested because they posted their selfies on Facebook. Always good for a laugh.

