‘Tis the season for scams: tips for protecting your business
The holiday season is a busy time, both for businesses trying to close last minute deals, and for consumers buying gifts for their loved ones. It’s also a busy time for fraudsters wanting to take advantage of increased online activity. But don’t panic. Here are a few tips to help you protect your businesses and employees for the next few weeks, and throughout the New Year:
- Pay attention to email scams. The holidays are a busy sales time with lots of email communications. Fraudsters count on lack of attention from their victims and will target your organization with seasonal hacks. Remind employees to stay vigilant to ensure that a holiday e-card from what appears to be a regular vendor or last-minute sales order they’re waiting for isn’t actually a phishing or a ransomware attack.
- Protect work devices and employees from hacks. Whether or not employers approve, the fact of the matter is that 53% of the workforce shops online at work during the holiday season. You can bet that they’re likely on work-sponsored computers too. Provide your employees with safety tips to protect them and your organization from potential fraud that can result from their online shopping sprees:
- Remind employees not to reuse any passwords that they use for applications at work to create personal accounts on shopping sites
- Ask workers not to use their work email accounts for shipping That way, any phishing emails appearing to come from UPS or FedEx will look out of place should one be received in their work Inbox.
- Use secure connections for remote workers. Many travel or work remotely during the holiday season. If you have a VPN, make sure two-factor authentication is also enabled for remote access. While you are at it, remind employees to always use their VPN when logging onto public WiFi hotspots at hotels, airports, and cafes.
- Monitor privileged access for temporary workers. If you are hiring temporary workers over the holidays, give them the least amount of access privilege needed for them to perform their job function. And be sure to set up auto-expiring accounts for the date that their contract ends.
- Don’t put technology development and security patching updates on hold. IT and Security teams are slammed during this busy sales season making sure nothing breaks. Resources are often stretched as well, with team vacations, etc. It’s tempting to postpone work on that ‘minor’ security patch. But hackers are banking on this possibility and are ready to take advantage of your temporary weakened security protocols. Make sure to keep up with your security updates and remind employees to not skip over operating systems updates.
A lot of IT security comes down to user education — communicating about company policies, the dangers of phishing, best practices for staying safe, etc. This shouldn’t just be something you do around the holidays, though; employee education should be a regular part of your IT strategy.