Security experts warn that the upcoming Thanksgiving holiday period isn’t just great for bargain hunters but also for cybercriminals looking to spoil your weekend. “This year, with a significant increase in fraudulent activities reported,” a new report from CybeReady says, “the risks are higher than ever.” Here are five cybersecurity tips to help you, your family and your business to stay safe over Thanksgiving weekend this year.
Thanksgiving Ransomware Attacks
The long Thanksgiving weekend heralds one of the busiest times of the year for cybercriminals looking to turn happiness into misery for organizations and individuals alike. Ransomware attacks are often timed for such a holiday weekend in the knowledge that staff coverage will likely be minimal. Phishing scams targeting holiday shoppers will most likely also increase to take advantage of the season, often as a way of gaining initial access to a corporate network. But here are five simple cybersecurity hygiene steps you can take to help thwart the hackers this holiday.
1 – Ready Your Incident Response Plan
Ensure your organization has adequate security cover by way of on-call staff across the Thanksgiving weekend. This cover should extend to key staff required should the sticky stuff hit the fan through a ransomware attack, for example. So, ensure you have your incident response plan reviewed and updated. Just because desks are empty due to holiday leave doesn’t mean you leave the office door metaphorically open.
2 – Use Generic Out-Of-Office Responses
Use generic out-of-office messages for all external recipients by email, messaging or telephone. Cybercriminals can determine a lot of useful ‘surveillance phase’ information from such an automated response, including when staff will return and details of emergency cover to name but two.
3 – Password Management And Multi-Factor Authentication
Use strong passwords and do not share these between colleagues or accounts. Password reuse turns an otherwise strong credential into a liability just waiting to be exploited should anywhere it is used get compromised. Use password management software to create genuinely random and strong passwords and phrases and store them securely. Multi-factor authentication should be mandatory for any staff using remote access as well as admin accounts. Ideally, MFA should apply to all staff all the time. Targeting employees with Thanksgiving shopping or parcel delivery scams to gain access to a network is commonplace during the holiday season.
4 – Slow And Steady Wins The Cybersecurity Day
And talking of phishing scams, don’t be pressured into clicking a link, opening an attachment or handing over sensitive information just because a sense of urgency is being created and you want nothing more than to get on with the celebrations. Such time-sensitive pressure is a common tactic because it is so often successful.
5 – Validate, Validate, Validate
It shouldn’t need saying, but here we go: don’t hand over sensitive information such as a bank PIN, a password or an authentication code in reply to email, direct messaging or telephone. Always authenticate the sender’s validity through contact details already known to you, even if everything appears legitimate. Faces and voices can be faked easily, do not trust any unsolicited communication and always double-check before making a financial transaction.
Read the full article here