The holiday period is a time to celebrate with family and loved ones. Unfortunately, cybercriminals will use the season to take advantage of businesses as IT staff and end users relax their guard heading into the end of year. With that in mind, GFI Software is reminding both organizations and consumers to stay vigilant this year and is providing helpful tips on how to increase online safety and spot attempts at holiday cybercrime.
2014 was a banner year for cybercriminals, who demonstrated that no target is too big or small to be exploited, and whose efforts resulted in billions of dollars in losses. Organizations should always exercise established best practices to help mitigate the risk of advanced threats and practically eliminate basic ones. Users and IT administrators alike should be reminded that while they may be planning to take some much-deserved time off this season, cybercriminals will not. Items to keep in mind before powering down for the season include:
Remove redundant user accounts: It is imperative that system and application user accounts belonging to former employees, or belonging to current employees no longer needing them, are purged. Dormant user accounts – known as Ghost Accounts – pose one of the biggest risks of unauthorised access and increase the number of entry points for an opportunistic hacker.
Shut down unnecessary open ports: Check routers and gateway appliances to make sure that only the most critical network ports are open. Closing unused ports greatly reduces the risk of intrusion, as well as helping to interfere with malware, spyware and other malicious code trying to communicate under the radar of port monitoring software.
Patch all software: Before shutting down for the holiday break, make sure that all operating system and key application patches have been applied. A dedicated patch management solution will automate the process of both finding and deploying patches to all machines on the network, reducing the workload of IT staff throughout the year as well as the risk of operating system and application vulnerabilities being exploited.
Update antivirus software: Ensure that both the antivirus application and the definition files on all servers and other critical equipment are up-to-date. While systems are being left unattended, it is imperative that malware defenses are as robust as possible to prevent accidental or intended infection of key systems, such as mail servers.
If you don’t need it – switch it off: Non-essential systems should be shut down while the business is closed. This will reduce the risk of unnoticed equipment failure and prevent non-critical systems from being compromised and used to access critical systems and storage silos.
Refresh the IT policy: If your organization doesn’t already have a policy regarding BYOD – create one. The post-holiday season sees a huge influx of new mobile devices entering the workplace, and the coming holiday period is expected to see record sales for smartphones and tablets. The security levels of any device used to connect to company resources, either remotely or within the building, should be examined and set. An unsecured smartphone or tablet is a potential threat to data security and compliance.
Don’t be lured by “free” Wi-Fi when traveling: People have come to expect access to Wi-Fi at all times, even when they travel, and research has shown users will connect their work and personal laptops and devices to any hotspot, even if they are unsure about it. Hackers will establish fake “free Wi-Fi” networks to fool travellers into connecting. Once they do, the hackers are able to steal all sensitive information on that machine as well as any data sent over that unencrypted connection. Business travellers should only connect to trusted Wi-Fi sources, even if they must pay for it.
Remain alert when online shopping: Each holiday season, more and more people shop online and more are doing so from their work machines. Cybercriminals take advantage of shoppers by scamming them with online coupons and fake e-commerce web pages. Users should examine online discount emails closely as well as any e-commerce site. If anything seems out of place, the user should shut down their browser immediately and perform an antivirus scan. Malicious websites and phishing emails remain very effective at tricking people into downloading malware onto their devices.
“The holiday season traditionally poses a big challenge for organisations of all sizes, as the need to monitor and maintain IT systems has to be balanced against the need for staff to take time off,” said Sergio Galindo, general manager at GFI Software. “However, IT staff face additional challenges, as not only do they need to consider the reoccurring threat of networks and systems being targeted during the quiet holiday period, but also the risk posed by employee devices being used for remote access.”