Optiv Security’s Top 12 Tips for More Secure Business Practices During the 2016 Holiday Season
Denver – December 8, 2016 – Optiv Security, a market-leading provider of end-to-end cyber security solutions, today shared a list of a dozen tips for implementing more secure business practices during the 2016 holiday season. Optiv’s experienced team of security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year.
- Limit temporary worker privileges. Many organizations employ temporary workers during the holidays to address increased demand for their products or services, and to backfill employees on vacation. Criminal organizations know this and seek to take advantage of the potential “insider threat,” specifically that temporary workers may be less familiar with corporate policies and practices. Organizations should limit temporary employees’ access to corporate systems to what those individuals need to do their jobs. That way, if a criminal successfully social engineers a temporary worker in order to carry out an attack on the organization, the fraudster’s access to sensitive company data will be kept to a minimum.
- Remember holiday season is phishing season. Research has proven that phishing messages (emails designed to extract information from recipients for fraudulent purposes) and other spam activity increase exponentially during the holidays. Alert employees to expect harvesting attacks using fake shopping portals and fake shipping entities. Educate employees on how to spot the difference between legitimate messages and phishing emails, as well as how they can report those scams.
- Brush up on physical security practices. Offices and homes see an increase in the delivery of valuable packages this time of year, which offers more opportunities for theft. When receiving or sending expensive gifts, remind employees to make accommodations to safely pick up the packages. They should also remember to lock file cabinets containing sensitive documents, keep track of tablets and laptops, and be careful when working in public spaces such as coffee shops where prying eyes may seek to compromise valuable information.
- Promote safe payment methods. It’s important for all employees to understand the safest payment methods to use when buying goods and services for personal as well as company-related purposes (such as client gifts or holiday parties). Whether it’s using chip readers when available, generating virtual credit card numbers or using third-party payment applications, educate individuals on safer ways to pay. If paying by mobile device, individuals should use contactless payment technology and integrated payment solutions, and install the official application directly from the credit card issuer. Also, be sure finance and accounting departments closely monitor corporate credit card accounts for potential fraudulent activity, and encourage employees to check their personal statements.
- Verify and deploy regular data backups. Ransomware continues to ravage businesses by holding data hostage for funds, sometimes going as far as destroying critical data altogether. Regularly back up data to help mitigate the impact of a ransomware attack. Also, periodically verify the ability to recover data from backups.
- Implement strong safeguards relating to large wire transfers. Businesses have lost billions in wire transfer fraud. One common scheme involves emails that appear to be from a CEO to the CFO asking for large sums of money to be transferred immediately for a “secret deal.” Without proper procedures in place, companies may fall victim to this type of fraud. Organizations need to establish a protocol where two or more executives are required to approve any wire transfer over a designated amount, under any circumstances.
- Check point-of-sale (POS) terminals and cash register computers daily. Organizations that handle cash and credit card transactions must make sure to regularly monitor and check POS terminals and registers for signs of fraud. POS fraud can come in many forms, including realistic-looking credit card skimmers and USB devices. Employees should be suspicious of people they don’t know claiming to be from corporate IT or security teams, as well as strangers poking around equipment.
- Encourage use of official apps. Employees will be hard-pressed to avoid online shopping this time of year. Encourage them to use a merchant’s official application, as it is usually more secure than third-party shopping applications. Official applications are safer than browser shopping due to extra security measures merchants take to protect their apps and sensitive customer data. Individuals should make sure they are using the merchant’s official app, as real-looking imposters can expose individuals and organizations to fraud.
- Watch for Internet-connected devices. This year, research shows an increase in cyber threats as a result of the growth of the Internet of Things (IoT). Companies and their employees should take steps to better secure all Internet-connected devices by following standard security guidelines, including applying regular software updates and deploying strong passwords. Also, individuals should update often-overlooked devices such as video game consoles and smart televisions to reduce the chance of them being compromised.
- Keep third-party applications up-to-date. Organizations use many third-party applications and programs to conduct business. With so many, it can be difficult to keep patches up-to-date, but help is usually available. Many patch managers (programs that automatically update third-party applications) can keep all critical programs current and thus more secure.
- Beware of holiday burnout. IT and security workforces can feel extra pressure during the end-of-year crunch. When our minds are elsewhere, it is easy to let our guard down and make a critical error. Just because someone is willing to work a 12-hour shift to help out doesn’t mean it’s a good idea. Make sure employees get the breaks they need, and have adequate staff on hand to closely monitor for potential security issues and quickly remediate them.
- Do not recycle passwords. Passwords are the first line of defense against cyber threats. With many people browsing online retailers and signing up for new accounts this time of year, remind employees to use proper password procedures. In particular, recommend that they never reuse the passwords from their email or bank accounts. It is common for usernames to be an email address, so when individuals use their email addresses as their passwords, an attacker could easily test this and gain full access to other accounts.
These are just some of the tips businesses should keep in mind this holiday season. If you are a member of the media interested in hearing about more ways companies can protect themselves, please contact Lauren Howe at firstname.lastname@example.org or (443) 519-5455.
About Optiv Security
Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives through our depth and breadth of cyber security offerings, extensive capabilities and proven expertise in cyber security strategy, managed security services, incident response, risk and compliance, security consulting, training and support, integration and architecture services, and security technology. A Blackstone (NYSE: BX) portfolio company, Optiv maintains premium partnerships with more than 400 of the leading security technology manufacturers. For more information, visit www.optiv.com or follow us at www.twitter.com/optiv, www.facebook.com/optivinc and www.linkedin.com/company/optiv-inc.