Optiv Security’s Top 12 Tips for More Secure Business Practices During the 2016 Holiday Season
December 08 2016 - 9:41AM
Business Wire
Optiv Security, a market-leading provider of end-to-end cyber
security solutions, today shared a list of a dozen tips for
implementing more secure business practices during the 2016 holiday
season. Optiv’s experienced team of security experts developed
these recommendations to help security and IT teams better prepare
their companies and employees to address the increase in cyber
threats that occur during this time of year.
1. Limit temporary worker privileges. Many organizations
employ temporary workers during the holidays to address increased
demand for their products or services, and backfill employees on
vacation. Criminal organizations know this and seek to take
advantage of the potential “insider threat,” specifically that
temporary workers may be less familiar with corporate policies and
practices. Organizations should limit temporary employees’ access
to corporate systems based on those individuals’ needs to do their
jobs. Therefore, if a criminal successfully social engineers a
temporary worker in order to carry out an attack on the
organization, the fraudster’s access to sensitive company data will
be kept to a minimum.
2. Remember holiday season is phishing season. Research
has proven phishing messages, emails designed to extract
information from recipients for fraudulent purposes, and other spam
activity increase exponentially during the holidays. Alert
employees to expect harvesting attacks using fake shopping portals
and fake shipping entities. Educate employees on how to spot the
difference between legitimate messages and phishing emails as well
as how they can report those scams.
3. Brush up on physical security practices. Offices and
homes see an increase in the delivery of valuable packages this
time of year, which offers more opportunities for theft. When
receiving or sending expensive gifts, remind employees to make
accommodations to safely pick up the packages. They should also
remember to lock file cabinets containing sensitive documents, keep
track of tablets and laptops, and be careful when working in public
spaces such as coffee shops where prying eyes may seek to
compromise valuable information.
4. Promote safe payment methods. It’s important for all
employees to understand the safest payment methods to use when
buying goods and services for personal as well as company-related
purposes (such as client gifts or holiday parties). Whether it’s
using chip readers when available, generating virtual credit card
numbers or using third-party payment applications, educate
individuals on safer ways to pay. If paying by mobile device,
individuals should use contactless payment technology and
integrated payment solutions, and install the official application
directly from the credit card issuer. Also, be sure finance and
accounting departments closely monitor corporate credit card
accounts for potential fraudulent activity, and encourage employees
to check their personal statements.
5. Verify and deploy regular data backups. Ransomware
continues to ravage businesses by holding data hostage for funds,
sometimes going as far as destroying critical data altogether.
Regularly back up data to help mitigate the impact of a ransomware
attack. Also, periodically verify the ability to recover data from
backups.
6. Implement strong safeguards relating to large wire
transfers. Businesses have lost billions in wire transfer
fraud. An example of one common scheme includes emails that appear
to be from a CEO to the CFO asking for large sums of money to be
transferred immediately for a “secret deal.” Without proper
procedures in place, companies may fall victim to this type of
fraud. Organizations need to establish a protocol where two or more
executives are required to approve any wire transfer over a
designated amount—under any circumstances.
7. Check point-of-sale (POS) terminals and cash register
computers daily. Organizations that handle cash and credit card
transactions must make sure to regularly monitor and check POS
terminals and registers for signs of fraud. POS fraud can come in
many forms, including realistic-looking credit card skimmers and
USB devices. Employees should be suspicious of people they don’t
know claiming to be from corporate IT or security teams, as well as
strangers poking around equipment.
8. Encourage use of official apps. Employees will be
hard-pressed to avoid online shopping this time of year. Encourage
them to use a merchant’s official application, as they are usually
more secure than third-party shopping applications. Official
applications are safer than browser shopping due to extra security
measures merchants take to protect their apps and sensitive
customer data. Individuals should make sure they are using the
merchant’s official app, as real-looking imposters can expose
individuals and organizations to fraud.
9. Watch for Internet-connected devices. This year,
research shows an increase in cyber threats as a result of the
growth of the Internet of Things (IoT). Companies and their
employees should take steps to better secure all Internet-connected
devices by following standard security guidelines, including
regular software updates and deploying strong passwords. Also,
individuals should update often overlooked devices such as video
game consoles and smart televisions to reduce the chance of them
being compromised.
10. Keep third-party applications up-to-date.
Organizations use many third-party applications and programs to
conduct business. With so many, it can be difficult to keep patches
up-to-date, but help is usually available. Many patch managers,
programs that automatically update third-party applications, can
keep all critical programs current and thus, more secure.
11. Beware of holiday burnout. IT and security workforces
can feel extra pressure during the end-of-year crunch. When our
mind is elsewhere, it is easy to let our guard down and make a
critical error. Just because someone is willing to work a 12-hour
shift to help out, doesn’t mean it’s a good idea. Make sure
employees get the breaks they need, and have adequate staff on hand
to closely monitor for potential security issues and quickly
remediate them.
12. Do not recycle passwords. Passwords are the first
line of defense against cyber threats. With many people browsing
online retailers and signing up for new accounts this time of year,
remind employees to use proper password procedures. Recommend that
they should never use the same password from their email or bank
accounts, in particular. It is common for usernames to be an email
address. So when individuals use their email addresses as their
passwords, an attacker could easily test this and gain full access
to other accounts.
These are just some of the tips businesses should keep in mind
this holiday season. If you are a member of the media interested in
hearing about more ways companies can protect themselves, please
contact Lauren Howe at lauren.howe@optiv.com or (443) 519-5455.
About Optiv SecurityOptiv is a market-leading provider of
end-to-end cyber security solutions. We help clients plan, build
and run successful cyber security programs that achieve business
objectives through our depth and breadth of cyber security
offerings, extensive capabilities and proven expertise in cyber
security strategy, managed security services, incident response,
risk and compliance, security consulting, training and support,
integration and architecture services, and security technology. A
Blackstone (NYSE: BX) portfolio company, Optiv maintains premium
partnerships with more than 400 of the leading security technology
manufacturers. For more information, visit www.optiv.com or follow
us at www.twitter.com/optiv, www.facebook.com/optivinc and
www.linkedin.com/company/optiv-inc.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20161208005693/en/
Optiv SecurityLauren Howe,
443-519-5455lauren.howe@optiv.comorJason Cook,
816-701-3374jason.cook@optiv.com
Blackstone (NYSE:BX)
Historical Stock Chart
From Mar 2024 to Apr 2024
Blackstone (NYSE:BX)
Historical Stock Chart
From Apr 2023 to Apr 2024