Data Protection & Online Security at Christmas
Is your organisation ready for the festive season?
ThreatMetrix, a security technology company, recently forecasted a dangerous spike in online criminal activity in the run up to Christmas. The Q3 2016 Cybercrime Report predicts a sharp increase in cyber attacks targeting key UK retailers with a potential 20 million cyber crime attacks during this year’s peak shopping week.
And the risk isn't only limited to online security. Unfortunately, over the holiday season all organisations and workplaces become more vulnerable to the risk of security breaches – and information thieves are counting on it.
Here are the top three holiday vulnerabilities – and data protection tips to help your organisation stay secure.
Fraudsters posing as legitimate customers can lead to account takeover and new account creation fraud. At the same time, employees are shopping online more often and putting personal and company information at risk. The most popular festive scams include phishing emails, fake promotions on social media and retail websites, and e-card sites which appear to be legitimate. Criminals try to lure victims to click on malicious links and/or provide credit card and other personal information. What to do: Utilise fraud detection and other safeguarding technology. Financial Fraud Action UK (FFA UK) also urges everyone to be vigilant when shopping online. Make employees aware of known scams, and teach safeguarding tips during ongoing education. For example, always check the authenticity of online retailers, and never open an email or attachment from an unknown sender.
Working from Home
When employees take time off, they often take work home too. But during the festive season, there’s a tendency to be careless with information and work behaviour. Leaving confidential information in vehicles or replying to a phishing campaign may occur (this year, cyber-criminals are targeting mobile devices with text messages requesting charitable donations). What to do: Implement a culture of security, and provide employees with tools and information to stay secure at all times. To protect documents, it’s most important that staff only remove confidential information from the workplace if absolutely necessary. As part of a mobile security policy, there should be access controls, and all devices should be equipped with safeguards such as anti-virus and anti-malware. Also, avoid public (and unsecured) WiFi, and never leave confidential documents in view in vehicles.
Skeleton Staff: A skeleton staff in the office over the holidays can leave the workplace vulnerable to insider fraudsters. What to do: Implement a Clean Desk Policy so that employees lock down all computers and equipment and leave their work space clear of documents when they're not at their desk. Provide a Fraud Hotline so employees can easily report fraudulent behaviour. Partner with a document destruction leader that installs locked consoles for storing documents that need to be securely destroyed. Avoid stockpiling obsolete computers and hard drives in the office. Confidential information on hard drives can still be accessed by information thieves. The document destruction company should also provide secure hard drive and e-media destruction services.
To learn more about how to keep your workplace secure over the festive season, checkout our office security infographic.