When it comes to protecting your privacy and personal data when shopping online, who do you trust? HINT: It should be you.

A recent survey by McKinsey & Company asked respondents to rank the industries they most trust to protect their privacy and personal data. Not surprisingly, the healthcare and financial services ranked at the top of the list at only a concerning 44 percent. Even more concerningly, people only ranked the public sector/government at 11 percent.

  • 44% – Healthcare and financial services
  • 22% – Pharmaceuticals/medical
  • 18% – Retail
  • 17% – Technology
  • 11% – Public sector and government
  • 10% – Media and entertainment

Where some see a lack of trust, others see opportunities. Organizations demonstrating trustworthiness by carefully handling and protecting customer’s data and privacy can stand out. Nine out of ten people are loyal to companies they trust with their privacy and data. 

Dealing with trustworthy companies is a great first step to protecting your personal data and privacy. And, we asked our cybersecurity experts to share their tips for protecting your privacy and personal data when online shopping. 

Data privacy infographic from McKinsey & Company.

10 Tips for Protecting Yourself While Shopping Online

1. Only Shop on Trusted Websites

A favorite trick of cybercriminals is to create imposter websites appearing legitimate. Unless you’re paying close attention, you could click on a product or link opening the door to hackers. Scammers will create fake websites to lure shoppers into purchasing an item that is never received. 

According to the Better Business Bureau, 57 percent of shoppers do not research a new website before buying. And, of those 57 percent, 81 percent lost money. If the site asks for more information than usual, the deal seems too good to be true, or you’re just not comfortable with the buying experience, abandon the site. Search for the product on more reputable sites. 

Reputable sites are secure.

If a website is safe, the URL should begin with HTTPS, not HTTP. Some browsers display a lock next to the address reinforcing the site is secure. Check for the HTTPS before clicking on a site, and again before initiating checkout, as some websites host their checkout process separately from their product catalog. 

2. Adding the DuckDuckGo Extention to Your Preferred Internet Browser

DuckDuckGo is an internet search engine developed to protect search privacy and avoid the filter bubble of personalized search results. The DuckDuckGo browser extension and mobile app verifies a website’s security while also blocking Google’s (and many other companies’) trackers, keeping your browsing history private. No more ads following you long after you’ve completed a search.

3. Stay Away From Coupon Sites

We love a good bargain too. There are sites dedicated to curating promo codes for bargain-savvy shoppers. Some are legit. Some not. Searching for promo codes, and then clicking on sites you’ve never heard of is risky and leaves you vulnerable. Instead, let a trusted browser extension like Honey or Wikibuy (Capital One Shopping) search and apply promo codes for you. 

4. Keep Your Software Updated

Companies spend hours and invest thousands of dollars fixing vulnerabilities in their software. These fixes are included in software updates. If the updates are not applied, you increase the chances of a successful cyberattack. 

5. Secure Your Devices

Make sure your phones, tablets, laptops, and computers have firewall and virus protection software installed. If a device is not protected, do not use it for online holiday shopping. Additionally, add passwords to your devices. If you lose your phone or your laptop is stolen, this limits access to personal information.

6. Use a Strong Passphrase

Hackers have tools to automate the process of finding the correct password. For example, if you have a four-digit passcode, there are only 10,000 possible combinations. An experienced hacker can find the right combination in seconds. Thus, it’s essential to use longer passwords including symbols, digits, and characters. 

And, consider a passphrase. A passphrase is longer than a password and combines text, symbols, and digits to create an easier to remember — and harder to crack — passphrase. For example, instead of using your mom’s maiden name, try luvDaSm1th$.

A password manager like LastPass allows you to generate strong, unique passwords for each individual website and service while providing a convenient and secure place to store these. 

Finally, implement multi-factor authentication (MFA) when it’s available. MFA requires a second form of identification, such as a code texted to your smartphone or sent to your email. You enter the code into the application before access can be granted. Hackers may guess your password, but they most likely won’t have access to your phone.

7. Carefully Check Your Emails Before Opening Them

Before opening an email or clicking a link, take a moment to consider if it could be a phishing scam. It’s easy to click on what appears to be a legitimate promotional email, only to find out later you’ve given a hacker access to your personal information or credit card. Luckily, scam emails usually have a few patterns:

  • They contain a too-good-to-be-true offer
  • They contain misspelled words
  • They are sent from email addresses that don’t completely add up
  • They contain a link and an urgent need to “Act fast!”

Proceed with caution when checking your emails.

8. Use Different Emails for Different Purposes

Sure, you probably have a work email and a personal email. It’s time to take this one step further. Use different email accounts for different purposes: 

  • One email address for important things like bills, banking, taxes, medical accounts, etc.
  • One email address for shopping
  • One email address for newsletters or giveaways

Periodically use the website Have I Been Pwned? to check if your personal data has been compromised by data breaches. This service is used by media outlets and even the government to scan the dark web, collecting and analyzing hundreds of database dumps and pastes containing information about billions of leaked accounts. Enter your email address or username to see if your account has been included in a data breach. If your email is part of an email data breach, change your password or consider abandoning the email address.

9. Pay With a Third-Party Provider

Paying online for purchases with a credit or debit card puts your money at risk. While the bank or credit card company may make you whole, they can’t replace the hours consumed fixing the issue. Pay with a third-party provider like PayPal, Apple Pay, Samsung Pay, Google Pay, virtual credit card, or gift card purchased from a brick-and-mortar store to keep your account information safe. 

If you do happen to be a victim of a cybercriminal, you will need proof of purchase. Keep your receipts or screenshots of your transaction history.

10. Buy Local, Pay In-Person

Many people buy online, even if you’re buying from a local merchant. No matter how trustworthy the merchant may be, don’t pay online. Instead, pay when you pick up your order or have it delivered. It reduces the odds of becoming a victim.

Protect Your Privacy and Personal Data

With these safety tips from the experts who lead WOZ U’s Cybersecurity program, you’re proactively protecting your privacy and personal data.