Optiv Security shared its annual list of tips to help organizations get the most from their security programs during the busy holiday season. A team of security experts developed 10 recommendations focused on assisting security and IT teams with prioritizing and optimizing their security resources and investments as they deal with the typical increase in risk of exposure that comes with this time of year.
“The holiday season finds many business, IT and security leaders overwhelmed, short-staffed and focused on closing out the year as profitably as possible. Unfortunately, this can leave companies less prepared to protect their business and more vulnerable at a time when the risk of cyber and physical security threats is known to be on the rise,” said Stuart Solomon, executive vice president, security solutions and operations for Optiv. “Optiv is proud to provide tips geared toward helping companies get clarity from the security chaos they experience during this stressful yet critical point of the year, and optimize their available security resources and investments.”
Optiv’s top 10 business security tips for the 2017 holiday season are:
1. Have a plan
This may seem obvious, but procrastinating during the holidays extends into security practices, and proper planning can set an organization up for success. Whether it’s an incident response plan for an attack that happens on Christmas Eve or a plan for managing staffing shortages, companies should have a detailed plan in place.
2. Audit POS or similar systems early
If your organization is in retail or otherwise uses POS systems, those systems can be vulnerable this time of the year. Don’t wait until December 20 to perform an audit.
3. Refresh employees on common social engineering scams
Social engineering can be a very effective method for hackers to achieve their goals during the holidays. False charity emails that are actually phishing or vishing scams, missed or deceptive package deliveries and fraudulent gift cards are just a few approaches hackers can take. Employees should always vet unexpected or suspicious communications and materials by notifying IT and security departments about them.
4. Diversify moneyed accounts
Smaller organizations tend to keep all financial assets in one account, which means one compromised email address or social media account can result in drained funds. Diversify funds in multiple banks to ensure that if any are compromised, your business won’t be sunk.
5. Prepare for staffing shortages
This year, New Year’s Eve and Christmas both fall on Mondays, which likely means many people will take extended holidays. Lags in processes and increased risk are common as a result, so organizations should make sure contingency plans are in place and responsibilities are understood across teams.
6. Watch for fake products, including mobile applications
Whether shopping for the latest trendy toy for a child or checking out a new offering in the market for a business, employees must beware of false products. Internet shopping is convenient but means there is risk due to long, winding supply chains and bad actors leveraging trends to run scams. The old adage, “If it’s too good to be true, it probably is,” is as appropriate as ever.
7. Beware of lurking ransomware attacks
2017 was the year of ransomware, with new high-impact attacks regularly popping up. This will not change during the holiday season and, if anything, will scale up. Ransomware attacks are profitable, fairly simple to execute and can be crippling to organizations, especially during a time of year when nearly every business is at its busiest. Tactics such as avoiding clicking hyperlinks in emails from unknown senders and updating operating systems and applications can help reduce risk.
8. Be a good neighbor, digitally and in real life
Most of us will put a neighbor’s package in a safe place if they are away, especially during the holidays. This applies to cyber security as well. If an employee receives a suspect email at the office, ask them to alert IT. It could save the entire organization from a large-scale phishing attack.
9. Use secure payment options when possible
Shopping online is convenient and an everyday part of our lives, but that doesn’t mean it’s completely secure. Plugging bank account information into a website is still a risky proposition, so employees should make sure to use secure payment options – loosely defined as anything that doesn’t involve giving out a physical card number – when making purchases online using business equipment. Online merchant applications also tend to be safer than going to websites, so use those whenever possible.
10. Prepare for new devices
It’s inevitable. Employees will get shiny new mobile phones, tablets and laptops as holiday gifts, and may connect those devices to corporate networks. Educate employees on best practices, as well as the organization’s BYOD policies, to safely and securely access company systems, email and files to minimize risk to the business.