Let warning bells ring louder than jingle bells this holiday season

A special time of year for cyber criminals 

With the holiday period fast approaching, it’s not going to slow down. While Christmas and the New Year are for celebration, relaxation, and merrymaking, they’re also a special time of year for cyber criminals. They’ll happily take advantage of the distraction during one of the busiest seasons for many organisations.

 If cyber criminals are busy, so are you. Here’s three ways your organisation can stay vigilant and secure during this time. 

1.  “Extra-connect” with your people

The end of year is a critical time to “extra-connect” with your people, to reinforce the types of threats or scams that could arise and how they can stay secure.    

 Ensure that your employees understand basic security skills and test how risk adverse they are. Try increasing the number of relevant Phishing Tests, some clever posters on walls, or some desktop wallpaper. Another way to avoid the “not more compliance training” moans is to have brown bag lunch sessions for 20-30 minutes and speak about current cyber events. This will ultimately embed the importance of cyber security awareness across the organisation.  

Make cyber security awareness as personal to your people as possible. If your employees understand the risk to them personally, they may think twice about clicking the link on that surprise gift card.  

 2. Scan your perimeter  

Think about the threat actors who are realistically interested in your organisation. State-based actors make the news, but unless you’re the military your concerns are likely run-of-the-mill criminals interested in one thing – money and fraud.  

 Have you ever wondered why Mr. Claus doesn’t just use the front door instead of squeezing down the chimney? Well cyber criminals have figured that out. It’s important to remember that hackers are not always spending months planning an elaborate attack on your organisation. They are opportunistic in nature and are scanning the internet for easy ways in i.e., the front door.  

 Get in first to scan your perimeter and understand your assets. The best cyber teams in the world have blind spots, so continually scan, fix, and make it harder for the bad guy to get in.  

 An unsecured API, unauthenticated services, and inherently insecure services like FTP, TELNET, or service that don’t encrypt your user ID and password are all they need. The recent breaches in the news are prime examples of blind spots that turned into major security incidents. Know and mitigate your risks wherever you can. 

3. Don’t forget the fundamentals  

You’ve heard them over and over again and they remain as relevant as ever. For personal and professional security:

1. Strengthen your passwords or forget them completely and start using passphrases. 
2. Use two-factor authentication on any service where it is available. 
3. Watch out for unusual unsolicited requests for personal information or calls to action associated with your accounts. 
4. Think before you click!

For your organisational security: 

1. Teach your people the basics (above). Wash, rinse, repeat. 
2. Scan your perimeter, understand your assets, and limit your risk. 
3. Upgrade your devices and software in line with your patching policy.
4. Interactive is here to help 24/7/365 days a year.