“It’s the most wonderful time of the year!” It’s the time of year with beautiful lights, festive foods, holiday cheer, and well-wishes from family and friends. It definitely qualifies as one of the best times of the year … except in the cyber-security world. This is the time of year when financially motivated cyber criminals are most active in stealing personal information, credit card numbers, and important data. With the unending online shopping and overabundance of junk email flooding our inboxes, how do we protect ourselves and our information?
We are sharing our top security tips for end users and business owners to help you keep your data secure this holiday season.
For end users:
- The most important tip – know that you are always a target. Don’t adopt the mindset of “it won’t happen to me”. Cyber criminals don’t care who you are – everyone is a victim. You should be cautious year-round, but even more so during the holiday season.
- Anytime you are using sensitive information while browsing (such as when shopping or checking your bank account), you should be on your own personal device on a trusted network. Even if it is your friend’s phone or computer, you don’t know what they’ve accessed or whether their device has been compromised. And every time you connect to the public WiFi at the coffee shop, you are opening yourself up to attackers.
- Be EXTRA cautious of emails. Cyber criminals are more clever than ever at creating emails and websites that fool even the most experienced users! If you get an email advertising a holiday deal, just visit the company’s website rather than clicking on the link in the email. Think you are good at spotting phishing sites? Take this Phishing Test to test your skills.
- Educate yourself on good password management. We are all guilty of it – using the same few passwords for everything. But think about what would happen if a cyber criminal got hold of just one of your passwords … how many things would they be able to access with just that one password? It’s pretty scary. Make sure your passwords consist of a mix of numbers, symbols, and uppercase & lowercase letters. You should also never write your passwords down anywhere – don’t put them on a sticky note, don’t send them over an email, and don’t text them to a family member.
- Never leave your devices unlocked and unattended. Trust us – we’ve seen it happen. Someone gets up to grab their coffee and leaves their computer unlocked. Experienced cyber criminals only need seconds to steal valuable information or put a dangerous program on a device. Always lock your devices and/or bring them with you even if you will only be gone for a minute.
- When in a public place, be cautious of who is around you when you’re typing passwords or credit card numbers. You never know who is watching over your shoulder and seeing exactly what you type into your computer. Remember tip #4? Is your computer password one of those few passwords that would be REALLY bad if it were stolen?
- And lastly, just use good judgement at all times during the holidays. If something seems suspicious or “not quite right”, don’t click on it. If you receive an email that you weren’t expecting, chances are it’s dangerous. Don’t allow your phone to connect to just any public WiFi.
For business owners:
- Establish solid security requirements for end-users. Whether it is training, device encryption or password management, you need to have requirements in place to protect your data from your weakest link – your users.
- Right along with tip #1, you need to educate your employees and hold them accountable. End-users are by far your weakest link, and during the holiday season their chances of clicking on a harmful link or downloading a dangerous program are much higher. Education is the best way you can protect your data. Want to know how we help our clients educate their end-users and run simulated phishing tests to check results? Learn more about KnowBe4 here.
- Make sure your backups are up-to-date. Nothing is worse than having a disaster happen and then realizing that your data hasn’t been backed up in the last month. You need to have a secure backup device that is backing up your data at least every 24 hours.
- All company devices need to have protection against viruses, spyware, and malware. If even one computer isn’t protected, your entire company is at risk. If an end-user brings a personal computer to work, then it needs to be protected as well.
- Secure your wireless access points. It’s something not a lot of people think about, but if you have guests visiting your office, then they shouldn’t be accessing the same network as your employees. Create a guest WiFi network just for office visitors and make sure it is password protected. In addition, make sure you are not broadcasting your private company WiFi network.
- Protect your networks behind a strong firewall. If dangerous websites or suspicious downloads are stopped before they even reach your users’ computers, you are taking a major step in protecting your data. We recommend WatchGuard firewalls to all of our BECA clients.
- Encrypt your important data. You should never store vital data on your networks. However, if you have to, then it should always be encrypted. This just helps add one more layer of protection against criminals – especially those active during the holiday season.
- Have a plan in place for when something happens. Just like tip #1 for end-users, you should never assume “it won’t happen to me”. If you are making money or collecting important data, then you are always a target – it doesn’t matter how small your business is! What will your very first steps be in the event of a data breach?
- The final and most important tip – have a solid and tested disaster recovery plan ready to go at any moment. The first part of a disaster recovery plan is your backups (tip #3). Where are you going to get your backups from? When was the last time they were backed up? How fast can your data be restored? How quickly can you be back up and running? Then you need to formulate a plan of action for corrupt data. What are you going to do if your backup is corrupted? What will you do with compromised devices?
As a business owner, it is hard to think about all of the security practices, disaster recovery plans, and backups on top of everything required for running your business daily. Wouldn’t it be nice if you didn’t have to worry about any of the data breaches or security threats? What if you didn’t have to think about any of the above tips because someone else was doing it for you?