[BreachExchange] 4 Tips to Keep the Cybercriminals Out During Cyber Weekend

Audrey McNeil audrey at riskbasedsecurity.com
Wed Nov 16 20:09:43 EST 2016


http://multichannelmerchant.com/ecommerce/4-tips-to-keep-
the-cybercriminals-out-during-cyber-weekend-15112016/

More consumers are turning their attentions away from the Black Friday
hysteria in stores towards online shopping during the first weekend of the
holiday shopping season – from Thanksgiving to Cyber Monday. Last year,
more than 103 million people said they shopped online at some point over
what is now being called Cyber Weekend. And retailers are responding,
offering online discounts and promotions to pull in more consumers.

As both retailers and shoppers congregate online and find themselves
distracted by holiday weekend sales, cybercriminals are lurking in the
fringes waiting for the perfect opportunity to strike. Cybercriminals often
use busy times to their advantage, counting on consumers and businesses to
be distracted. Take the biggest retail hack in U.S. history as an example.
In the days leading up to Thanksgiving 2013, cybercriminals installed
malware in Target’s security and payments system, ultimately gaining access
to the credit cards of 40 million Target customers.

The risks are just as real today and cybercriminals have their newest – and
most effective – tool at their disposal: malware. Malware can halt business
operations which, during a busy holiday shopping weekend, can have
catastrophic consequences for both reputation and bottom line. Here we
offer four “must-do” security tips to keep malware out of your systems
during Cyber Weekend.

Educate Your Weakest Link

Cybercriminals utilize a number of sneaky methods for getting malware onto
the network. One of the most common methods is a phishing attack, which is
used to fool employees into handing over sensitive information or clicking
on a malicious file by impersonating a reputable entity or person over
email, instant message (IM) or other communication channel.

So what’s the best way to prevent this? Get your employees involved. Offer
mandatory security awareness training and make employees stakeholders in
protecting the business. Teach employees about common attack methods and
empower them to make decisions around security. Create an environment where
security is discussed openly and is the shared responsibility of all
employees to greatly decrease the chances that a cybercriminal will
succeed.  And then provide those employees some back up. Use an automated
anti-malware solution to help prevent users from clinking on links that
take them to malicious sites.

Understand the Importance of Backups

The availability of business information is essential, particularly during
a busy holiday weekend. Temporarily losing access to data or important
systems can cause costly business disruptions. If you are the victim of a
ransomware attack and the cybercriminal takes control of your data and
won’t return it until you pay up, having a backup can be a lifesaver.

It’s important to perform backups of both local data and anything stored in
the cloud. These should be performed on a regular basis – ideally daily.
Then, instead of paying up, you can simply restore your data from backup
and keep business going through the holiday weekend.

Locate and Remove Infections Quickly

Much of the security industry today focuses on keeping malware out
altogether, which is an unrealistic goal. Your IT team should still have
the right tools in place to do what it can to prevent malware from getting
onto the network, but there also needs to be a plan for those cases when
cybercriminals succeed.

The reality is that, at some point, malware will get in. Once this happens,
it becomes important to find out exactly how the malware entered and which
computers on the corporate network are infected. Otherwise, even after you
remediate, you can’t be certain that it’s completely gone and won’t do
further damage.

Have an Incident Response Plan in Place

While you can do what you can to prevent business interruptions over Cyber
Weekend, and year-round, there’s always the possibility that a
cybercriminal will get in and stay in. So now what do you do? Have
discussions with your IT team, your partners and your advisors so everyone
knows their role in the event of an attack. Come up with a plan to keep the
business running and the losses down. And think about your communications
strategy. Maintaining customer trust is essential and proactive
communication is sometimes a necessity.

Cyber Weekend is quickly approaching. Your focus is likely on ensuring
website performance, checking inventory and promoting holiday deals to pull
in the shoppers. But security should also be top of mind. These four
security tips will keep the cybercriminals from ruining your Cyber Weekend.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161116/ebe9cbc4/attachment.html>


More information about the BreachExchange mailing list