BreachExchange mailing list archives

Keeping your business secure this holiday season


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 4 Dec 2015 14:14:34 -0700

http://www.net-security.org/article.php?id=2424

2015 is coming to a close, but as employees prepare for the holiday season
and the new year, cyber criminals aren’t taking a break and are looking for
opportunities to take advantage of opportunistic security gaps.

Data breaches are on the rise, making security more critical than ever,
especially in some of the most sensitive industries. And while retail will
continue to be a likely target throughout the biggest shopping season of
the year, industries such as healthcare, legal, and financial services
are just as vulnerable.

Any number of causes can expose company and customer data to hackers, but
the biggest security breaches are often due to internal oversight. What may
seem like minor employee hiccups pose some of the biggest threats.
Addressing a few key concerns can help you avoid data disasters this
holiday season.

Secure shopping

It’s no secret that employees may be trying to get ahead of some holiday
shopping during lunch or on break. In fact, a recent CareerBuilder report
shows that 50% of employees plan to do their online holiday shopping while
at work. While employees may see little harm in shopping online during work
hours – or even after hours – using company devices, email addresses or
being logged in to non-secure networks can provide a gateway for hackers.
And as the holiday gift-buying panic begins and popular items sell out,
employees desperate for the perfect gift may seek out secondary ecommerce
sites that lack good security controls, or are even fronts for illegal
businesses.

Rather than turning a blind eye, remind employees of ways to stay secure
while shopping this season:

- Never use your work email address when signing up for or signing into
  websites to shop
- Avoid visiting or clicking links to unauthorized websites
- Never open suspicious attachments in emails or promotional emails from
  unfamiliar sources
- Never use your ATM or debit card for transactions – always use a credit
  card or other payment system like PayPal.
- Never store passwords or payment information.

Out of office protection

The holidays also mean heavy travel. As more employees work remotely, the
temptation to put company documents and other sensitive data on USB sticks,
cloud storage, and consumer file sharing services can pose a threat to
company data. Too often, easy, on-the-go access comes with a host of
security risks. To mitigate these risks, ensure employees know how to
access information securely – and that apps they use integrate with your
existing enterprise security and authentication systems. It’s useful to
have visibility into any file sharing or syncing and the ability to report
on activity.

Think having employees leave computers behind will keep you safe? Sure, you
can’t steal what’s not there, but as the lines between personal and
business use on devices continue to blur, company information can fall
through major security cracks. Employees will be accessing work email and
sharing, uploading or sending information on personal devices, and with the
increase in travel, the threat of lost or stolen devices creates heightened
risk.

To protect themselves, companies should strengthen and communicate their
BYOD policies, and ensure all sync, collaboration, and sharing tools used
by employees meet your enterprise security policies.

Education is your first line of defense

A simple yet effective first step in protecting your enterprise content is
reminding employees of company policies and security best practices.

Training and information sessions - whether in-person or via video or
conference calls - are ideal for teams to meet and discuss the threat of an
end of year data breach, giving managers the opportunity to walk through
policies and cover common red flags. But when comprehensive training
sessions aren’t possible due to time or resource constraints, alternatives
can be as simple as emailing “cheat sheets” with tips and tricks or hosting
security-focused “office hours” to answer employee questions.

While the holiday season can bring increased hacker activity, educating
your team, tightening your policies and refining your tools can minimize
risk and help you start a successful – and secure – new year.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
