Experts estimate that as much as 70% of security incidents and breaches are employee related. Paired with the seasonal spike in e-commerce shopping and vacation time for the holidays, this could spell disaster. Most people are distracted by the holidays, and hackers take advantage of this by increasing their attacks. With this in mind, one thing you want to do immediately is remind your entire team how to keep themselves and your organization protected over the holidays. This company-wide communication should reiterate the importance of holiday cybersecurity tips, including the following:
• Reinforce password safety
A recent study showed 61% of respondents used the same passwords across multiple websites. Surprisingly, the 18-24 age group was found to be the most likely to reuse passwords. Remind your staff of the abundant password management resources available for free across the internet, including Keeper and Bitwarden. These managers generate random passwords and encrypt them, ensuring the integrity of your logins. You can even set up two-factor authentication with these managers.
• Safeguard your work collaboration platforms
One of the easiest ways for cybercriminals to access organizations is through company collaboration platforms like Slack and Microsoft Teams. Hackers gain unauthorized access to these critical channels by sending malicious links to company emails. If an employee clicks on a malicious link, DDoS or ransomware attacks can deploy at the click of a button. Remind your team to never, ever click on links from emails and phone numbers they don’t recognize. Ensure everyone has spam filters turned on and exercises extreme caution when opening links or attachments from sources outside of the organization. If staff don’t recognize the sender, they shouldn’t ever open anything linked to the email.
A new method hackers use is sending 2FA emails and notifications to employees of organizations they are trying to infiltrate. Never, ever confirm a 2FA request unless you’re actively signing into an account that requires this authentication. Hackers could gain access to your accounts if you accept an authorization request that they have triggered – see the infamous GTA 6 leak. Hackers got into Rockstar Games’ internal Slack channel using this exact method, stealing tons of information relating to GTA 6, a highly anticipated upcoming video game designed by the company.
• Social engineering and email safety
Hackers have designed scams, called ‘social engineering’, to entrap those who regularly check their email. The most common type of this scam is phishing, where hackers attempt to create a sense of urgency that they hope will tempt the recipient to click on a malicious link or provide personal information to remediate a situation. Common phishing attempts include fraudulent password reset notifications, which is how hackers can easily uncover passwords.
Reiterate to your staff the importance of email safety – easy ways to spot phishing scams include emails using fake domain names, or public domain addresses like Gmail or Yahoo. Other signs include strange attachments, typos, or grammatical errors (or all three), and an attempt to create a sense of urgency. Your staff should NEVER click on links or open attachments from senders they don’t recognize. Ensure they are exercising the utmost caution.
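For teams that want to automate a first pass over reported messages, the warning signs listed above can be turned into a simple triage check. This is an added example, not part of the original article; the organization domain `example.com`, the urgency phrase list, the 0.8 similarity threshold, and the sample messages are all constructed assumptions, and typos or grammar errors are not checked.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                   # assumption: your real mail domain
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}  # public providers named above
URGENCY = re.compile(                        # assumption: sample phrase list
    r"\b(urgent|immediately|act now|within 24 hours|will be suspended)\b", re.I)

def phishing_indicators(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    found = []
    if domain in PUBLIC_DOMAINS:
        found.append("public-domain sender")
    elif domain != ORG_DOMAIN and \
            SequenceMatcher(None, domain, ORG_DOMAIN).ratio() > 0.8:
        found.append("lookalike domain")     # close to, but not, our domain
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject']}\n{body.get_content() if body else ''}"
    if URGENCY.search(text):
        found.append("urgent language")
    names = [a.get_filename() for a in msg.iter_attachments()]
    if names:
        found.append("attachment: " + ", ".join(n or "unnamed" for n in names))
    return found

def sample(sender, subject, text, attachment=None) -> str:
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.com", subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

PHISH = sample("IT Helpdesk <helpdesk@examp1e.com>", "URGENT: password reset",
               "Your account will be suspended. Open the attached form.",
               "reset_form.html")
FREEMAIL = sample("CEO <ceo.office@gmail.com>", "Quick favor", "Are you free?")
BENIGN = sample("HR <hr@example.com>", "Holiday schedule", "Office closes Friday.")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("freemail", FREEMAIL), ("benign", BENIGN)):
        print(label, phishing_indicators(raw))
```

A check like this only sorts reported mail for review; a message with no indicators can still be malicious, so the advice above about unrecognized senders still applies.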
• Internet browsing safety
As the holidays quickly approach, the influx of e-commerce shopping increases year by year. When shopping online, always ensure you are purchasing from a secure site. Always make sure the website address starts with https: – the s stands for secure. There might also be a padlock icon next to the address bar to inform you of the site’s security. Don’t ever enter personal information into a website that only starts with http: – this is not a secure site. Internet security software is a must-have. This software will detect and remove most malware. Always make sure you are running the most updated version of your security software, which provides a vital layer of security for your devices.