’Tis the season … for cyberattacks.
December is one of the most dangerous months of the year for businesses, especially retailers. Different reports in 2018 revealed that cyberattacks on businesses increase 60% this month and that 31% of IT professionals in the retail industry admitted their company was attacked during the holiday season.
Added to this is data from our own CISO Benchmark study, which revealed that Chief Information Security Officers consider email threats to be the number-one security risk to their organizations. So what can small organizations do to stay safe this holiday season?
Email is a necessity for most businesses, so it’s not as though ‘turning it off’ is an option during this time of the year. The question instead is, how do you make sure your data remains secure while also giving everyone the access they need?
The key is a holistic approach: educating employees so they can do their jobs securely while implementing the right products and business initiatives.
Here are 7 tips to keep your business safe this holiday season, and prevent a costly click.
Educate your employees.
Your employees are your best defense, and one of your biggest weaknesses. Help them learn to recognize a phishing attempt by running regular phishing exercises to test and educate them. Start with fake phishing campaigns that are easy to spot, then gradually raise the difficulty. Run these exercises as frequently as you can, and reach out to a technology consultant you trust if you aren’t sure how to get started.
Use multi-factor authentication.
Multi-factor authentication (MFA) can be a mouthful, but it can also prevent an attacker from gaining access to a corporate email account even if your employee’s credentials were stolen. Because a login approval request is automatically sent to your employee’s phone when someone else tries to log in, your employee can quickly deny the request.
Make sure software is up to date.
Updated browsers, software, and plugins help block emails with malicious URLs. Many of the most harmful attacks today take advantage of software vulnerabilities in common applications, like operating systems and browsers. The best part about this advice is that most companies can do this for free! Just ensure your employees know to update to the latest version when prompted.
Double-check login requests.
Always check the URL when asked to log in with credentials to ensure the request is coming from the legitimate owner’s website. Malicious actors go to great lengths to make pages look familiar. If it’s a pop-up window, expand it to make sure you can see and check the full URL.
Maintain a healthy dose of skepticism.
Elaborate stories, facts that are close but not quite right, urgent response requests—if there’s something slightly off about an email, don’t trust it. It’s better to make sure the email is valid than to ignore warning signs, however small.
Perform a cyber-risk assessment.
If your size and budget allow, do a risk assessment on your environment with the help of a trusted advisor. Prioritize your most critical entry points (keeping in mind that email is the most common threat surface), then work down in order of the probability of an attack and the risk to your organization if a breach occurs.
Be prepared with the right email security software.
Security software can help combat advanced and ever-changing attacks. Phishing protection now uses machine learning to understand and authenticate email identities and block advanced attacks. Domain-based Message Authentication, Reporting and Conformance (DMARC) domain protections can prevent attackers from using legitimate corporate domains in their campaigns, and message quarantine can hold messages to analyze suspicious files and remove them if needed. If all that was a bit of technical nonsense…look for software that offers protection against advanced threats. Hackers are smart and constantly evolve their tactics, so cloud-based software that auto-updates to stay current with threats is where you should start.
Even if you can’t follow all of the above this holiday season, remember that your best defense against hackers is still knowledgeable employees. Show them examples of phishing scams and other email attacks, and look at low-cost, cloud-based solutions that can protect your business from threats. The investment is more than worth the cost.