As we talked about in our blog regarding Black Friday Scams, the holiday season is full of opportunities. Most holiday opportunities are joyful and good, but there are bad guys who would like nothing more than to ruin your business’s day by holding data for ransom or even just wrecking things for fun. Here’s a quick list to share for some IT holiday security pointers:
IT security isn’t just online. Physical security can be more easily compromised with couriers visiting more often for many businesses (alongside what might simply be increased hustle and bustle). Lock drawers and computers when walking away from your desk. Make sure to remain stringent in enforcing normal physical security. We’ve heard the saying, but it certainly applies here….IF YOU SEE SOMETHING, SAY SOMETHING!
Remote workers should be using company-monitored equipment if at all possible. A professionally monitored PC environment should be much more difficult to gain access via methods such as antivirus, zero-trust policies, MFA (more below) and strong password policy requirements.
Utilize MFA! One of the simplest and most inexpensive ways to add a significant layer of cyberdefense is through the use of MFA (multi-factor authentication). This protects passwords that can be hacked via educated guess or brute force—especially weak passwords—by requiring a special second step of authentication.
Pay attention to security of websites before entering in confidential information, such as credit card numbers. This can be determined by checking a website for a lock near the URL. If in doubt, look at the entire URL and make sure it begins with “https”, not just “http”.
Pay attention to fire hazards. Use of workplace kitchens (for company parties, for example) and open flame sources such as candles can be more prevalent during the holidays. We know–we often preach about cybersecurity, so why is this on a list of IT holiday security pointers? It’s because a building fire will also bring down a company’s IT. (Does your business have an IT Disaster Recovery Plan? When is the last time your team updated it?)
Avoid public WiFi connections. The wifi available in public places is often open or, if encrypted, the encryption key is unguarded. This makes it easy for a bad actor to sniff packets, which is a fancy way of saying eavesdrop on your internet activity. While this can be somewhat mitigated with a VPN, a better practice is to use mobile data or a private hotspot for mobile access.
Think before you click. This is a common technique for phishing training and certainly applies to holiday situations. Double check the URL address (and remember this is often difficult or impossible on mobile devices) before clicking.
Monitor access to IT systems. This can be related to internal company systems, company accounts, or any other confidential information. If no one is watching, it’s much easier for the bad guys to get in and out with no one noticing.
Contact us if you’re not sure what to do. Our team of experts is ready to assist and protect you and your team this holiday season!
Check out this free resource kit from our partner KnowBe4 to augment the above IT holiday security pointers. Help your users make smarter security decisions this holiday season and beyond! Get Your Kit from KnowBe4!