Yes, we haven’t even started defrosting the Thanksgiving turkey yet, but already retailers, charities, social media influencers, and even your kids have hit the ground running for Holiday 2021. But they’re not the only ones getting in the spirit; so are cybercriminals.
Hackers love this time of year. With a gigantic spike in online shopping, financial and email activity, and distracted consumers who may let their guard down, the holidays are the perfect storm of opportunity for malicious actors.
If you’re in business, it’s important to realize the added cybersecurity risk this time of year brings. A security breach can damage your reputation, waste resources, erode consumer confidence, and cost you money.
Taking the steps necessary to protect your IT infrastructure is important all year long, but even more so during the holidays, when cyberattacks skyrocket.
Below are the top three things you can do now to help keep your business from getting hacked this holiday season.
Implement Multi-factor Authentication (MFA) for all your employees
The fact is, most people use the same passwords over and over for everything from shopping websites to logging into your network. When those passwords are compromised, the bad guys can gain access to the user’s other systems with the same password.
MFA requires two sources of identity verification before granting access to an account or device. Usually, those two sources are something the user knows (their password) and something the user has (a token or phone app). For example, the user would log in to your network with their password, but before access is granted, an authentication message is pushed to a secure app on their cellphone. The user must verify their identity through the app before gaining access to the network. Although this may sound cumbersome, the entire login process takes place in a matter of seconds.
Upgrade from standard anti-virus to endpoint detection and response (EDR)
Anti-virus software is a good first step in protecting your company data, but EDR provides far better protection. Anti-virus software is limited to filtering and stopping known malware threats. While that’s a good place to start, there are nearly 1 million different types of malware being released every day – yes, every day. To keep up, your antivirus software must be constantly updated, which isn’t realistic or even possible.
EDR not only filters for known threats, but also uses artificial intelligence (AI) to analyze network behavior and irregular patterns in memory consumption, to uncover and neutralize currently unknown attacks. EDR will stop a ransomware attack in its tracks and restore compromised files to your network. But that’s not all: EDR goes a step further by learning the attack’s MO to prevent similar events in the future.
Stop employees from inviting hackers in
The number one way hackers get into your system is through employees who click on links in malicious emails. Phishing attacks are already on the rise this holiday season, with the first half of November showing an 80% increase in phishing campaigns relating to sales and shopping special offers. What’s more, 63% of all corporations believe their employees don’t have the skills to be able to identify a phishing attempt.
Although your antivirus software or EDR does a pretty darn good job of catching most phishing attempts coming your way, a portion of them will still make it through to your employees’ inboxes. Your best bet is to train your employees to be human firewalls.
On Line Support offers a turn-key Email Security Testing and Training product that will teach your employees to identify and thwart phishing scams. Be sure to talk to your account manager to learn about this important part of your security program. But in the meantime, communicate now with your employees about being especially vigilant this holiday season and thinking carefully before clicking on any links in emails. Here’s an example of an email your users may get.
The red flags used in this example that your users should be watching out for are:
1. Do you know who the sender is?
2. Do you normally receive holiday specific emails at work?
3. Is this link reliable? Should I open this attachment?
4. If I hover over the link, is it taking me to a different address?
5. Does the file attachment have a possible dangerous file extension?
6. How urgent is this email? Is the sender creating a false need for urgency?
At On Line Support, we consider ourselves to be security evangelists. We love nothing more than helping our customers protect their business through solid security tools and practices. To learn more about the tools mentioned here, reach out to your account manager for all the details.
Wishing you a very happy and safe holiday!
Eric Olmsted, CEO/Founder, On Line Support