10 Tips to Help Businesses Stay Secure for the Holidays
December 8, 2015As we gear up for our holiday celebrations it’s important to remember that during this time when staff is in and out on vacation, you need to be diligent in protecting your business from potential threats.
That’s why Optiv Security, a national cyber security solutions provider, has shared a handy dandy list of the top 10 things businesses can do to help them stay secure during the holiday festivities.
RELATED: Prevent Credit Card Fraud this Holiday Season
Here goes: While we all continue to gear up for our holiday celebrations, it’s also important to remember that during this time when staff is in and out on vacation, you need to be diligent in protecting your business from potential threats.
Know who on your security team is on vacation and have a plan. One less person could result in holes in your security program and potential attacks going undetected.Review procedures and response plans, and make sure you know who is filling in where and when.
Answer unknown phone numbers. This seems contradictory to what many people might believe, but an unknown number could be a notification from your organization’s bank or corporate credit card company informing you of a potentially fraudulent purchase or withdrawal. Make sure your accounting teams know to answer any phone calls they receive.
Familiarize appropriate teams with fraud protocols. Numerous small charges on a corporate credit card can go undetected for some time. As such, it’s important for executive assistants, accounting professionals and any other employees who handle statements for these accounts to be familiar with your credit card company’s protocol for flagging odd-looking purchases.
Educate employees on how to identify a phishing attack. Popular phishing attacks around the holidays include failed delivery notifications that instruct the recipient to click on a link or open an attachment, and fake billing statements that appear to come from credit card companies regarding recent purchases. Employees should carefully read the email and contact the company directly instead of clicking on any links or opening attachments.
RELATED: National Identity Theft Prevention and Awareness Month
Ensure employees are empowered to report cyber attacks. While teaching employees how to protect themselves is important, it is equally important that employees know they can report concerns without retribution. If an employee’s machine has been compromised, you must ensure they immediately report the issue instead of attempting to resolve it on their own.
Be extra vigilant about unwanted visitors inside company facilities. All employees should watch for people trying to tailgate behind employees or use social engineering tactics to gain entrance into facilities, and pay close attention to people attempting to make deliveries. Make sure they ask to see proper identification and pick up packages in the lobby or have the receptionist keep them. If visitors are permitted into main areas, make sure they are escorted at all times.
Limit what information is included in out of office email and voicemail messages. Employees should keep messages generic and not provide details on where they plan to travel. They should brief their designated contact person about any active projects and instruct them what to do in case of an emergency. Those individuals may be targets of social engineering attacks that attempt to coerce the individual into taking action such as wiring money for a business deal.
Be careful what your company posts on social media channels. For example, posting a comment on the company Facebook page about all employees leaving the office early to attend a holiday party off-site could leave the office susceptible to a physical or cyber attack if employees are not available to closely monitor facilities and networks. Individuals responsible for social media accounts should wait to post any reference to off-site employee gatherings until after they occur.
New technology = new opportunities for hacking. New mobile devices are a hot holiday item, and employees could be using them to hold your company’s data. With every new technology there are exciting new features, but not all of them have been developed with security or privacy in mind. Be diligent and understand what new technology is coming in your door and inform users on the basics of patching, policy and privacy. Also, educate users on how to connect to corporate Wi-Fi, free Wi-Fi and other hotspots, and provide guidance on how to be secure with each.
Patch. Patch. Patch. Update company software to the most current versions that include important security updates to protect computers against the latest known threats.
Are you a victim of fraud or money scam? Share your story with us on the Money Credit and You Facebook page!
List courtesy of Optiv Security, article published on BizJournals & photo Alberta Securities.