December 13, 2016
Is your organization ready for the holiday season?
ThreatMetrix, a security technology company, recently forecasted a sharp increase in cyber attacks targeting key retailers with a potential 50 million cyber crime attacks during this year’s peak shopping week.
The Q3 report by ThreatMetrix analyzed almost 5 billion transactions and showed that 130 million attacks on financial companies and merchants were blocked – which is a 40% increase compared to the same period in 2015.
Unfortunately, at holiday time all organizations and workplaces become more vulnerable to the risk of security breaches – and information thieves are counting on it.
Here are the top three holiday vulnerabilities – and ways to protect data and keep your organization secure:
Online Shopping: Fraudsters posing as legitimate customers can lead to account takeover and new account creation fraud. At the same time, employees are shopping online more often and putting personal and company information at risk. The most popular holiday scams include phishing emails, fake promotions on social media and retail websites, and legitimate-appearing e-card sites. Criminals try to lure victims to click on malicious links and/or provide credit card and other personal information.
What to do: Utilize fraud detection and other safeguarding technology. Financial Fraud Action UK (FFA UK) also urges everyone to be vigilant when shopping online. Communicate holiday scam information to employees, and teach safeguarding tips during on-going education. For example, always cheque the authenticity of online retailers, and never open an email or attachment from an unknown sender.
Working from Home: When employees take time off, they often take work home too. But during the festive season, there’s a tendency to be careless with information and work behaviour. Leaving confidential information in vehicles or replying to a holiday phishing campaign may occur (this year, cyber-criminals are targeting mobile devices with text messages requesting charitable donations).
What to do: Implement a culture of security, and provide employees with tools and information to stay secure at all times. To protect documents, it’s most important that staff only remove the confidential information that is necessary. As part of a mobile security policy, there should be access controls, and all devices should be equipped with safeguards such as anti-virus and anti-malware. Also, avoid public (and unsecured) WiFi, and never leave confidential documents in view in vehicles.
Skeleton Staff: A skeleton staff in the office over the holidays can leave the workplace vulnerable to insider fraudsters.
What to do: Implement a Clean Desk Policy so that employees lock down all computers and equipment and leave their area clear of documents. Provide a Fraud Hotline so employees can easily report fraudulent behaviour. Partner with a document destruction leader that installs locked consoles for storing documents that need to be securely destroyed. Avoid stockpiling legacy and obsolete computers in the office. Confidential information on hard drives can still be accessed by information thieves. The document destruction company should also provide secure hard drive and e-media destruction services.
To learn more about how to keep your workplace secure over the holidays, checkout our office security infographic.