With the holiday season approaching, many of your employees (and you as well) will be engaging in quite a bit of online shopping. Inevitably, some of this activity is likely to happen during work hours if you don’t outright ban online shopping in the office.

Since casual browsing does create the potential for vulnerabilities, take the time to create a clear policy regarding internet use during work hours.

Use trusted websites. Navigate directly to trusted websites by using the address bar. Look for the lock symbol or “https” in the website’s URL, as this indicates a secure site.

Don’t click on ads. Advertisements are not always what they seem. Some can direct you to phony websites, while others might install adware on your computer. If you see something tempting in an ad, note the name of the retailer and search for it.

Research unfamiliar companies. If you’re not familiar with a retailer, Google its name to read reviews. Many overseas boutiques pop up, especially on Facebook, to make a quick buck and then vanish after a few months. Sometimes orders never arrive; other times, you will receive strange or inferior merchandise.

Don’t fall for email scams. Some of those “special offers” are just adware or malware in disguise. Remind your employees not to click on email attachments or follow links from emails.

Use strong passwords. Many online retailers store credit card information, which can be convenient for the consumer. But anyone who hacks into your account can order themselves some gifts in your name.

Use a credit card for online purchases. If there is a problem with the order, you at least have some recourse if you’ve used a credit card. Using a debit card usually means no purchase protection, and it could mean that your entire checking account becomes vulnerable.

Beware of public WiFi connections.  When in public places, avoid accessing sensitive data over unsecured networks.  This would include banking information, tax information, or any other apps or websites with personal information.  You never know who could be lurking or hacking into the network waiting for you to expose your personal data.