Keep Focused On Security This Holiday Season
Cyber security continues to be a top priority for Canadian companies. With the threat landscape changing daily, senior executives and boards of directors should ensure their IT security teams continuously reassess whether the organization’s security strategy and program are in line with current business needs, and make adjustments as necessary.
Yet, while focusing on security year-round is critical to minimizing cyber risk, the holiday season is a particular time of year when companies should ensure their security teams and employees are following some security best practices.
Beware of BYOD
As the world gets more connected, many organizations are implementing “bring your own device” (BYOD) policies. While convenient on a small scale, bringing hundreds or thousands of internet-connected devices into an organization can present serious security risks. During the holiday season, companies should anticipate a surge in employees connecting shiny new toys—smart phones, tablets, laptops, among others—to the corporate network, increasing the potential for new threats.
It is important to detail what is and is not acceptable when using personal devices at work. Easily accessible virtual private networks (VPNs), password-protected devices and security training and education can go a long way.
Be Alert to Insiders
When companies think of a cyberattack, many might envision someone from across the country or world clacking away at a keyboard—mining for juicy information.
The reality is much more boring but no less dangerous. Those already within your organization—or third parties such as temporary employees or sub-contractors your organization may employ during the holidays—are among the highest security risks.
Since many employees or contractors are granted access to buildings, company information and other sensitive materials, they can easily slip past initial defenses, such as firewalls. Educating employees on how to look for possible “bad actors” in your organization is one big way to help curb the insider threat and third-party risk.
Look Out for Holiday Phishing
One of the most common ways information is stolen from organizations is via email phishing scams. Today, ransomware—malicious software that holds information “for ransom” until an amount is paid to the attacker—is often delivered via phishing emails.
Identifying a phishing or ransomware email is becoming increasingly difficult, and the holiday season is a prime time for attackers to catch unsuspecting online shoppers—such as human resources departments purchasing gifts for employees. Malicious emails grow more sophisticated by the day, so it’s important to train employees on what to look for and know what steps to take if they receive one.
Don’t Forget the Power of the Password
Passwords have become such a huge part of our working lives that it’s easy to take them for granted, especially during the holidays when we get wrapped up in the end-of-year craze. Don’t. This lax attitude is exactly what hackers prey upon.
Passwords continue to serve as a first line of defense. At a minimum, employees should change them frequently (at least every 90 days), make them at least 12 characters and ensure they consist of numbers, letters, special symbols and a mix of upper- and lower-case letters.
Password manager tools are available to help create complex passwords, as well as keep track of which ones go to which accounts.
Keep the Holidays Happy
As 2016 comes to a close, there are many areas companies need to focus on to help make the year a complete success. Ensuring the organization stays safe and minimizes risk needs to be one of those priorities, but it requires help from every employee in the company. With everyone on board, it hopefully will be a more joyous holiday season and a happy new year for all.
Cheryl McGrath is the country general manager in Canada for Optiv. Previously, she served as district manager for EMC where she led an enterprise district in Canada, and held multiple leadership positions at Xerox Canada.