[December 08, 2016]
Optiv Security's Top 12 Tips for More Secure Business Practices During the 2016 Holiday Season
Optiv
Security, a market-leading provider of end-to-end cyber security
solutions, today shared a list of a dozen tips for implementing more
secure business practices during the 2016 holiday season. Optiv's
experienced team of security experts developed these recommendations to
help security and IT teams better prepare their companies and employees
to address the increase in cyber threats that occur during this time of
year.
1. Limit temporary worker privileges. Many organizations employ
temporary workers during the holidays to address increased demand for
their products or services, and backfill employees on vacation. Criminal
organizations know this and seek to take advantage of the potential
"insider threat," specifically that temporary workers may be less
familiar with corporate policies and practices. Organizations should
limit temporary employees' access to corporate systems based on those
individuals' needs to do their jobs. Therefore, if a criminal
successfully social engineers a temporary worker in order to carry out
an attack on the organization, the fraudster's access to sensitive
company data will be kept to a minimum.
2. Remember holiday season is phishing season. Research has
proven that phishing messages (emails designed to extract information from
recipients for fraudulent purposes) and other spam activity increase
exponentially during the holidays. Alert employees to expect harvesting
attacks using fake shopping portals and fake shipping entities. Educate
employees on how to spot the difference between legitimate messages and
phishing emails as well as how they can report those scams.
3. Brush up on physical security practices. Offices and homes see
an increase in the delivery of valuable packages this time of year,
which offers more opportunities for theft. When receiving or sending
expensive gifts, remind employees to make accommodations to safely pick
up the packages. They should also remember to lock file cabinets
containing sensitive documents, keep track of tablets and laptops, and
be careful when working in public spaces such as coffee shops where
prying eyes may seek to compromise valuable information.
4. Promote safe payment methods. It's important for all employees
to understand the safest payment methods to use when buying goods and
services for personal as well as company-related purposes (such as
client gifts or holiday parties). Whether it's using chip readers when
available, generating virtual credit card numbers or using third-party
payment applications, educate individuals on safer ways to pay. If
paying by mobile device, individuals should use contactless payment
technology and integrated payment solutions, and install the official
application directly from the credit card issuer. Also, be sure finance
and accounting departments closely monitor corporate credit card
accounts for potential fraudulent activity, and encourage employees to
check their personal statements.
5. Verify and deploy regular data backups. Ransomware continues
to ravage businesses by holding data hostage for funds, sometimes going
as far as destroying critical data altogether. Regularly back up data to
help mitigate the impact of a ransomware attack. Also, periodically
verify the ability to recover data from backups.
6. Implement strong safeguards relating to large wire transfers.
Businesses have lost billions in wire transfer fraud. An example of one
common scheme includes emails that appear to be from a CEO to the CFO
asking for large sums of money to be transferred immediately for a
"secret deal." Without proper procedures in place, companies may fall
victim to this type of fraud. Organizations need to establish a protocol
where two or more executives are required to approve any wire transfer
over a designated amount, under any circumstances.
7. Check point-of-sale (POS) terminals and cash register computers
daily. Organizations that handle cash and credit card transactions
must make sure to regularly monitor and check POS terminals and
registers for signs of fraud. POS fraud can come in many forms,
including realistic-looking credit card skimmers and USB devices.
Employees should be suspicious of people they don't know claiming to be
from corporate IT or security teams, as well as strangers poking around
equipment.
8. Encourage use of official apps. Employees will be hard-pressed
to avoid online shopping this time of year. Encourage them to use a
merchant's official application, as they are usually more secure than
third-party shopping applications. Official applications are safer than
browser shopping due to extra security measures merchants take to
protect their apps and sensitive customer data. Individuals should make
sure they are using the merchant's official app, as real-looking
imposters can expose individuals and organizations to fraud.
9. Watch for Internet-connected devices. This year, research
shows an increase in cyber threats as a result of the growth of the
Internet of Things (IoT). Companies and their employees should take
steps to better secure all Internet-connected devices by following
standard security guidelines, including regular software updates and
deploying strong passwords. Also, individuals should update
often-overlooked devices such as video game consoles and smart televisions to
reduce the chance of them being compromised.
10. Keep third-party applications up-to-date. Organizations use
many third-party applications and programs to conduct business. With so
many, it can be difficult to keep patches up-to-date, but help is
usually available. Many patch managers, programs that automatically
update third-party applications, can keep all critical programs current
and thus, more secure.
11. Beware of holiday burnout. IT and security workforces can
feel extra pressure during the end-of-year crunch. When our mind is
elsewhere, it is easy to let our guard down and make a critical error.
Just because someone is willing to work a 12-hour shift to help out,
doesn't mean it's a good idea. Make sure employees get the breaks they
need, and have adequate staff on hand to closely monitor for potential
security issues and quickly remediate them.
12. Do not recycle passwords. Passwords are the first line of
defense against cyber threats. With many people browsing online
retailers and signing up for new accounts this time of year, remind
employees to use proper password procedures. In particular, recommend
that they never reuse the password from their email or bank accounts.
It is common for usernames to be an email address. So when
individuals use their email addresses as their passwords, an attacker
could easily test this and gain full access to other accounts.
These are just some of the tips businesses should keep in mind this
holiday season. If you are a member of the media interested in hearing
about more ways companies can protect themselves, please contact Lauren
Howe at [email protected]
or (443) 519-5455.
About Optiv Security
Optiv is a market-leading provider of
end-to-end cyber security solutions. We help clients plan, build and run
successful cyber security programs that achieve business objectives
through our depth and breadth of cyber security offerings, extensive
capabilities and proven expertise in cyber security strategy, managed
security services, incident response, risk and compliance, security
consulting, training and support, integration and architecture services,
and security technology. A Blackstone (NYSE: BX) portfolio company,
Optiv maintains premium partnerships with more than 400 of the leading
security technology manufacturers. For more information, visit www.optiv.com
or follow us at www.twitter.com/optiv,
www.facebook.com/optivinc
and www.linkedin.com/company/optiv-inc.
View source version on businesswire.com: http://www.businesswire.com/news/home/20161208005693/en/