The holiday season is finally here, and it brings a multitude of sales. According to Pew Research Center, 80% of American adults are now purchasing products online. But many of these online shoppers don’t realize the potential risk posed by the online scams and fraud that cybercriminals use to deceive buyers.
In this blog, we provide cyber security tips both for the consumer and organizations of all sizes during this peak holiday period.
Online Shopping Tips for Buyers
Be Cautious of Online Links: Phishing schemes deliver nearly 90% of the malware sent by cyber attackers. It’s important that you’re hyper-aware of Black Friday scams this season. When in doubt, don’t click on any link. If you’re unsure about a link, you can hover over it and the URL should be displayed in the lower left-hand corner of your browser.
Never Purchase on Open Wi-Fi Hotspots: As an online shopper, never use public Wi-Fi when making a purchase or transaction, or when checking online banking information, without using a Virtual Private Network (VPN). A VPN guards your private data by using encryption and makes it much more difficult for a cyber criminal to obtain access to your device. If you don’t have a VPN application, use a cellular network when security is important in these situations.
Use Strong Passwords on all Online Accounts: Using strong passwords is paramount to keeping cyber criminals out of your data. According to the National Institute of Standards and Technology’s (NIST) new 2017 password policy framework, you should consider using the following personal password policy:
- Dropping the crazy, complex mixture of uppercase letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
- Don’t use the same password twice.
- The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
- Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see.
- Reset your password when you forget it, but change it once per year as a general refresh.
Make sure you have anti-virus and keep it updated: Your devices should always be equipped with anti-virus (AV) protection software. AV software is just one defense against malicious attacks. AV software uses a database of known malware to keep malware and other malicious viruses from entering your device and compromising your data. Always use or purchase an AV solution from trusted vendors and only run one AV tool on your device.
Check the website you’re buying from: When you’re shopping online, make sure that the business is using an encrypted HTTP connection, that is, HTTPS. Every URL on the website should start with https://, which signifies that the store has taken extra measures to secure its financial transactions. This is a great way to avoid Black Friday scams and imposter phishing websites.
Monitor your online accounts and credit reports regularly: During and after this holiday season of purchasing, you may want to monitor your online accounts and credit reports to see any inconsistencies. As we saw from the Equifax breach, it’s very important for consumers to protect their online accounts and monitor credit reports for any changes in activity. You may also want to consider a credit freeze for added protection during this season.
Holiday Security Tips for Companies and Employees
Monitor Your Security Events Closely: If your organization or your Managed Security Services Provider is focused on threat hunting, you or the provider will need to closely monitor, analyze, and investigate malicious code and callbacks, as well as both attempted and successful security incidents on your network. Use these incidents as opportunities to gain insights into this fast-paced season of cyber attacks. A 24x7 Security Operations Center should use threat monitoring capabilities to understand how threats operate before they even hit your network.
Be Hyper Aware of Phishing Attempts: Phishing attempts are the number one cause of security breaches for an organization. Arm your organization with Next-Gen Anti-Virus to protect your endpoints against zero-day exploits and to keep infected endpoints from further corrupting your network. A Next-Gen AV solution can help drastically mitigate ransomware threats that are delivered through phishing attempts to your employees.
Consider a Quick Vulnerability Scan: If you currently have a Vulnerability and Compliance Management (VCM) tool, you can run a quick scan to identify the gaps and security misconfigurations within your network. During this peak holiday period, a quality VCM tool can continuously keep an eye on your security infrastructure and assets to ensure that vulnerabilities are not going to compromise your business operations significantly. A VCM tool will significantly reduce your overall risk during this critical period.
Train and Educate Your Staff: Employees may be shopping on company equipment, which may not be allowed by your security and internet usage policy. Make sure you are conducting regular security training so that all employees know about your security policies and are familiar with the most common cybersecurity risks. If you can train and educate your employees about the pitfalls and indicators to look for in a “phishy” looking email, your organization will be well served.
This holiday shopping season might seem like a bad dream for you personally or for your security operations. But when you implement some of the security best practices above, you will be in a much better place to enjoy the time with family and friends.