While obtaining a new piece of tech hardware over the holidays can be exciting, it's not without risks, because in many cases, the default delivery state of the shiny new thing offers very little in the way of cybersecurity.
That means connecting your new product to the internet straight out of the box without taking security precautions could leave you open to hacking, cyberattacks and malware – all of which could put your data and privacy at risk.
SEE: 10 tips for new cybersecurity pros (free PDF)
To help users enjoy their new devices safely, the UK's National Cyber Security Centre (NCSC) – the cyber arm of the GCHQ intelligence service – has detailed five simple steps that can help make devices more secure.
1. Protect it with a strong password
People often believe that cyber criminals need to be expert sleuths to crack people's passwords, but the reality is that people use weak passwords that are easy to guess. It could be that they're using the default password that comes with the new device, or it could be that they're using common or easily guessable weak passwords like '12345' or 'password' for their email, shopping and social media accounts.
That's why the NCSC says that users should change simple or default passwords to more secure ones, so that it's not so easy for cyber criminals to guess. One way the NCSC suggests doing this is by making your password three random words that are memorable to you, but difficult for others to guess.
2. Turn on two-factor authentication (2FA)
A strong password is a good first step to securing a device and the accounts, but it isn't impossible for cyber criminals to use brute force attacks in an attempt to crack passwords, or to use phishing attacks to dupe users into giving up their passwords.
That's why the NCSC recommends using two-factor authentication to ensure that there's another barrier to attackers gaining access to accounts. Because even if attackers know your password, having to authorise the login attempt via a text message or application on your smartphone makes it harder for hackers to hijack the account.
"While you're at it, turn on 2FA for your main email account if you haven't already. That's the centre of your digital life because things like password resets get sent there, so it needs to be better protected than other accounts," said Ian Levy, technical director at the NCSC.
3. Always accept automatic updates
Smartphones, tablets, computers and Internet of Things devices all now regularly receive updates from manufacturers – but users will regularly put off applying either because they see installing the updates as a waste of time or don't understand why devices need to be updated.
However, updates are often issued after security vulnerabilities arise as a means of closing loopholes that can otherwise be exploited by hackers. Many of the most high-profile malware campaigns and cyberattacks of recent years have spread so easily because they're taking advantage of known vulnerabilities that users haven't applied the patches to fix.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
Because of this, the NCSC recommends that users should configure all their smart devices to install automatic updates – and to install updates for phones, tablets and computers as soon as they get the option.
4. If you don't want it anymore, perform a factory reset
Sometimes people decide that a gadget isn't for them, or they decide that they want to trade it in for a newer model. If this is the case, the NCSC suggests that users should perform a factory reset of the device. By returning the device to its original settings like this, users will wipe all of their personal data from it, meaning that information can't be potentially exploited by whoever uses it next.
5. Here's what to do if something goes wrong
If the worst happens and users think an outsider has control of a device inside their home, the NCSC recommends users perform a factory reset. Meanwhile, if users become aware of an incident reported in the news and think their product is affected, they should visit the manufacturer website for advice.
There's also the option of visiting the Information Commissioner's Office (ICO) website, or the website of the NCSC.
The five tips are simple, but they can go a long way to protecting users against the vast majority of cyberattacks.
"Enjoy your new devices and the cool things they can do. Don't be afraid of new technology and the internet. With some basic prevention, you'll be as safe as houses," Levy said.