7 Tips to Keep you and Your Organization Safe This Holiday Season
Dec 02, 2020
This holiday season, cybercriminals are buzzing over the countless opportunities to steal your information. This year, a recent trend toward online shopping will be exacerbated further by the presence of COVID-19 and the subsequent lockdown orders over the following months. If you don’t think this is a problem your organization needs to address, think again. Whether you like it or not, employees will be shopping on company networks and machines. Adding insult to injury, most users repeat passwords across multiple personal and professional accounts, putting your organization at further risk. These risks can be addressed and mitigated, but it doesn’t stop there. It’s important to know what to look out for and how you can protect yourself further. The Cybersecurity and Infrastructure Security Agency (CISA) offers these tips to help employers and employees stay safe over the holiday season.
“Cyber threats change with the times and seasons, and this year will be no different. Organizations should educate their employees to be on the lookout for common attack vectors including phishing, smishing, and other fraudulent attempts to take advantage of employees. A comprehensive security awareness training program helps convey this knowledge throughout the organization.”Secuvant’s Director of Risk Services, Richard Rieben.
Only Shop Through Trusted Sources
- Always verify the legitimacy of the sites you are browsing before supplying any information. Before providing any personal or financial information, make sure that you are interacting with a reputable vendor. If you’ve never heard of it before, check twice before handing over your data.
- Cybercriminals will often send phishing emails designed to look like they’re from retailers but rather contain malicious links that ask for you to input your personal or financial information.
- Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.
- Also, be aware that legitimate businesses will never email you asking for this information. For this reason, never provide your password or personal or financial information in response to an unsolicited email.
- Make sure your information is being encrypted. Many sites use Transport Layer Security (TLS), the successor protocol to SSL to encrypt data. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. It’s also important to avoid connecting to unsecured public Wi-Fi, especially to do your banking or shopping.
Use Safe Methods for Purchases
- If you can, use a credit card instead of a debit card, even when using a payment gateway such as PayPal, Google Wallet, or Apple Pay. There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards.
- You’ll likely make more purchases over the holiday season, be sure to frequently check your credit card and bank statements for any fraudulent charges.
Watch out for Phony Charities
- Before clicking on a link to donate online, make sure you know who is receiving your donation. These organizations offer reports and ratings about how charitable organizations spend donations and how they conduct business:
- You can find your state charity regulator at nasconet.org. Most states require the charity or its fundraiser to register to ask for donations. If you see any red flags, or if you’re not sure about how a charity will use your contribution, consider giving to a different charity.
Like any other time of the year, practicing good cyber hygiene is of great importance. During the holiday season, however, vigilance is especially imperative. Whether they’re creating fraudulent sites, spamming you with phishing emails, or stooping as low as creating fake charities, cybercriminals will use the holiday season to mask their intentions and manipulate. Following the aforementioned tips can help to mitigate risk for organizations and individuals alike. This time of year can be stressful as it is, don’t allow cybercriminals to add to it.
Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics aimed at minimizing business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more, visit www.secuvant.com.