Keeping your business secure this holiday season

2015 is coming to a close, but as employees prepare for the holiday season and the new year, cyber criminals aren’t taking a break and are looking for opportunities to take advantage of opportunistic security gaps.

Data breaches are on the rise, making security more critical than ever, especially in some of the most sensitive industries. And while retail will continue to be a likely target throughout the biggest shopping season of the year, industries such as the healthcare, legal, and financial services are just as vulnerable.

Any number of causes can expose company and customer data to hackers, but the biggest security breaches are often due to internal oversight. What may seem like minor employee hiccups pose some of the biggest threats. Addressing a few key concerns can help you avoid data disasters this holiday season.

Secure shopping
It’s no secret that employees may be trying to get ahead of some holiday shopping during lunch or on break. In fact, a recent CareerBuilder report shows that 50% of employees plan to do their online holiday shopping while at work. While employees may see little harm in shopping online during work hours – or even after hours – using company devices, email addresses or being logged in to non-secure networks can provide a gateway for hackers. And as the holiday gift- buying panic begins and popular items sell out, employees desperate for the perfect gift may seek out secondary ecommerce sites that lack good security controls, or are even fronts for illegal businesses.

Rather than turning a blind eye, remind employees of ways to stay secure while shopping this season:

  • Never use your work email address when signing up for or signing into websites to shop
  • Avoid visiting or clicking links to unauthorized websites
  • Never open suspicious attachments in emails or promotional emails from unfamiliar sources
  • Never use your ATM or debit card for transactions – always use a credit card or other payment system like PayPal.
  • Never store passwords or payment information.

Out of office protection
The holidays also mean heavy travel. As more employees work remotely, the temptation to put company documents and other sensitive data on USB sticks, cloud storage, and consumer file sharing services can pose a threat to company data. Too often, easy, on-the-go access comes with a host of security risks. To mitigate these risks, ensure employees know how to access information securely – and that apps they use integrate with your existing enterprise security and authentication systems. It’s useful to have visibility into any file sharing or syncing and the ability to report on activity.

Think having employees leave computers behind will keep you safe? Sure, you can’t steal what’s not there, but as the lines between personal and business use on devices continue to blur, company information can fall through major security cracks. Employees will be accessing work email and sharing, uploading or sending information on personal devices, and with the increase in travel, the threat of lost or stolen devices creates heightened risk.

To protect themselves, companies should strengthen and communicate their BYOD policies, and ensure all sync, collaboration, and sharing tools used by employees meet your enterprise security policies.

Education is your first line of defense
A simple yet effective first step in protecting your enterprise content is by reminding employees of company policies and security best practices.

Training and information sessions – whether in-person or via video or conference calls – are ideal for teams to meet and discuss the threat of an end of year data breach, giving managers the opportunity to walk through policies and cover common red flags. But when comprehensive training sessions aren’t possible due to time or resource constraints, alternatives can be as simple as emailing “cheat sheets” with tips and tricks or hosting security-focused “office hours” to answer employee questions.

While the holiday season can bring increased hacker activity, educating your team, tightening your policies and refining your tools can minimize risk and help you start a successful – and secure – new year.

More about

Don't miss