Security experts at Neohapsis have put together the following tips to help keep businesses safe.
1. Use HTTPS – Remind employees to use HTTPS to make sure all data between them and the site is encrypted and cannot be eavesdropped on, and to ensure the site they’re visiting is in fact the one they intended to visit.
2. Install the latest updates – While Microsoft does an excellent job patching vulnerabilities when they arise, many users don’t install the patches, opening themselves and the network up to attacks from those who have reverse-engineered the updates to exploit vulnerabilities. Mac users are not exempt! They should be up to date on Apple updates as well. And all users should update system components of internet browsers, Java and Adobe products.
3. Check the defenses – Make sure the sentries are awake. In addition to keeping your systems patched and updated, ensure that any anomaly monitoring systems are watched closely around the holidays. Unfortunately, criminals don’t take a holiday, which means security can’t take one either.
4. Be suspicious! The old mantra: “If it’s too good to be true, it probably is” has never been more applicable when it comes to common phishing schemes. While most users know by now to not trust a pop-up that reads “You’ve won an iPad – click here!” modern phishing techniques are much more subtle, and much more dangerous. Let employees know it’s okay to mistrust emails and links. If something seems phishy, it probably is. Remind them that services like PayPal and online banks will never ask for personal information over email, chat, or any avenue besides their main website.
5. Stop known bad actors – Consider deploying blacklist filters on your outbound web traffic to stop anyone accessing any sites known to be malicious. Depending on web browser choice and configuration, this may already be in place.
6. Reinforce ownership – Try to keep personal web traffic outside the business walls by reminding employees of any established policies around personal internet use in the workplace. Encourage them to use their own mobile devices to browse personal websites. But if those devices contain company data, take the step below as well.
7. Protect the important things outside your walls – If you manage mobile devices with sensitive company data on BYOD or company-owned devices and you have enough IT resources to handle the load, consider temporarily routing their traffic through your security systems.