Wednesday, December 27, 2023
Blog topics:
With a few days left before the New Year, there’s a few things – that not unlike making sure you bought a gift for your all of your in-laws this year – you’ll want to make sure you’ve taken care of when it comes to your company's cybersecurity.
Over the holiday season, the global number of attempted ransomware attacks has increased, year-over-year, by 30 percent. Add to that, there is an average increase of 70 percent in the number of attempted attacks that occur in November and December, compared to January and February.
Also, according to a recent article in Security Intelligence, a report from the retail and hospitality sector highlights the fact that imposter websites, product-focused phishing attempts and phishing attempts impersonating executives all tick up during the holidays. And there is the (continuing) rapid rise in social engineering attacks.
As you finish celebrating the holidays and you and your co-workers are coming in and out of the office, there are five things that you can do to protect your business, employees and customers, including:
- Have a response team in place – It's critical to know who can be called in the event a cyber incident or cyberattack occurs. Be sure, too, to clearly establish, in writing, who’s on call and when.
- Consider managed detection and response – The reality is, with the increasing complexity of malicious and automated cyber threats, many organizations lack the security skills and resources to handle a sophisticated or advanced type of threat. To help offset those challenges, some companies transfer security tasks to a managed detection and response (MDR) provider.
- Be EXTRA careful with downloads, clicks, messages and emails – For most of us, the holidays are hectic enough, as we balance what we need to do at work with whatever plans we might have to be with our family and friends. Because of that, we let our guard down and that’s exactly what cybercriminals are counting on. Remember, too, the majority of malware still gets into computers and systems due to human error. The best approach is to be wary of any and all communication, even if it appears as though it’s coming from a trusted source and all of us should treat any unsolicited message with the highest level of suspicion.
- Be sure to lockdown privileged accounts - It’s common for intruders to penetrate networks by escalating privileges to the administration level, where they can then deploy malware. High-level access is rarely required on holiday breaks or weekends. As a result, some security experts recommend locking down privileged accounts.
- Establish clear isolation tactics - Isolation stops attackers from making any further ingress on your company’s network and from spreading malware to other systems or devices. It’s not unusual for security teams to disconnect a host, lock down a compromised account or block a malicious domain. Another tip - scheduled and/or unscheduled drills can help make sure everyone is prepared and the procedures that have been put into place will perform adequately in the event of a breach.
It's important to keep in mind that not all of these suggestions can (or will) be achieved overnight. But, following best practices with your cybersecurity – at work and at home – is, really, a never-ending task that has become an important part of our everyday lives.
Managing all of this – as we go – also makes it easier for everyone to be better engaged when it comes to managing their own personal cybersecurity and, as a result, the company or organization that you work for, is better protected. Looking to learn more? There is a great article on Tripwire (featuring "10 Essential Tips") and, as always, CISA is a great source for all things cyber, especially when it comes to avoiding social engineering and phishing attacks.
Best of all, it allows each of us an opportunity to, maybe, take a day off, catch up with a friend over lunch, or just crash out on the couch. Or, if your kid is home from college, you had a chance to watch a lot of football (it was Boxing Day...) and check out teams, such as Nottingham Forest, in the Premier League.