The holiday season gives malicious actors the perfect opportunity to attack your organization’s systems to obtain sensitive data or otherwise create expensive problems for your company. According to McAfee, 81% of surveyed organizations experience increased cyber threats during the holiday season.
Bad actors take full advantage of the season. Employees are more likely to fall for social engineering attempts based on holiday-related topics, such as travel or shopping phishing emails. Remote connections are often targeted as it’s widely known that many employees will be working from home. Any business with a customer-facing online store will have more attention from both customers and cybercriminals.
We asked our Chief Technology Officer, Yehuda Raz, to provide an actionable list of holiday cybersecurity awareness tips to help protect your organization from some of the biggest threats this holiday season.
1. Use a Hardened VPN Solution for Remote Workers
A cybersecurity risk assessment considers the security of every endpoint, especially with regard to how it connects to the company infrastructure. Hardened VPNs must be used company-wide to ensure that remote devices do not become entry points for threat actors.
A hardened VPN has undergone additional configuration designed to strengthen security for your organization’s exact needs. VPN vendors provide a solution that will work for essentially anyone, but relying only on their security can leave your company vulnerable.
Take the extra time to have your IT department thoroughly configure your VPN so that it allows the exact level of access and network traffic that is required.
2. Company-Wide Review of Mobile Device Security Policies
Employees who use personal mobile devices for work are usually more productive and communicative, but they also represent a security risk. A ‘Bring Your Own Device’ (BYOD) program is an inevitable part of most organizations, but it can create vulnerabilities that need to be mitigated, especially during the holiday season. Clicking on a misleading link or downloading the wrong app is all it takes to put your organization at risk.
Provide additional training to all employees on mobile device security policies, especially if you have a BYOD program. Training should cover topics specific to how employees can protect against cyber attacks that commonly target mobile users. Most of these attacks are social engineering or phishing attempts, but they can take on specific forms when aimed at mobile devices.
You should also review your mobile device management (MDM) solution for any updates that may need to be pushed to all devices. Ensure all apps are up to date and security updates are deployed. Mobile endpoint security begins with a secure and regularly updated MDM solution and continues with thorough employee training.
3. Employ or Update Tools with a Robust Alert System
It is important to install updated tools that will warn you of any unusual activity and send actionable alerts about potential threats to your infrastructure.
These tools should alert you to any possible threat, not just obvious intrusion attempts. That includes any suspicious activity throughout the endpoint perimeter or anywhere else inside the network.
Cyber risk monitoring depends on having systems in place that notify the right people about potentially damaging situations regardless of where they occur, enabling action to be taken immediately.
4. Create a Narrow Digital Footprint to Reduce Risks
People unfamiliar with cybersecurity often imagine cybercriminals as typing furiously on a command console until they gain access to whatever they need. In reality, cybercriminals don’t exclusively rely on programming and networking knowledge to carry out an attack.
In preparation, threat actors will use widely available tools to scope the entire digital footprint of your company in order to find small pieces of information that will help them penetrate firewalls or other possible entry points. Your digital footprint includes all the information that is publicly available online. This often extends to the online presence of employees, especially high-level managers or IT specialists.
Take time to audit your digital footprint and remove anything from platforms you control that might be too revealing or even just unnecessary. You can never predict all the ways someone might connect the dots and discover a unique angle to attack your company’s infrastructure.
5. Provide Comprehensive Training About Social Engineering Attempts
Cybercrime does not necessarily require highly specialized knowledge and training. Someone can simply be skilled at manipulation and trust-building to attack your company. Social engineering is an entire category of cybercrimes that attack the human element of a company in order to gain access to the desired information.
Phishing, pretexting, watering holes, and baiting attacks are all established techniques that criminals use to commit cybercrimes without writing a single line of code.
Protect your company’s most vulnerable element by providing specific training to every employee about common social engineering attempts in your industry. The holiday season gives criminals new ways to build trust and manipulate people. Cyber risk management means making sure your employees are prepared.
You Must Protect Your Company During the Holiday Season
Dozens of factors make the holiday season a crucial focus for cybersecurity managers. Reduce the likelihood of a successful attack and increase peace of mind with these steps.
Train your employees to identify and stop social engineering attempts, increase endpoint security, update your MDM solution, and utilize a monitoring system that alerts technicians to any suspicious activity anywhere on the network.
Happy holidays from the Centraleyes team. See you in 2022!