The internet never sleeps, so companies’ security protocols need to be suitably strong all day, all night, and right throughout the holiday season.
Cybercrime is continually growing as more traditional business migrates online, with e-commerce providing an enormous target for criminals looking to siphon off money from unwitting victims across the web.
Everything from unsolicited emails to socially engineered and targeted attacks is constantly emerging, with security professionals continually banging the ‘Be safe’ drum.
True, not everyone is listening all the time, but the immensity of the problem can no longer be ignored.
Ransomware was 2016’s cyberattack of choice, with 2017 gearing up to be no different. Last month, Intel’s McAfee Labs cybersecurity predictions showed 14 trends coming down the line, covering everything from hacktivism to internet of things (IoT) as a risk.
It was ransomware, as always, that first drew the eye. An increase in attacks is expected up to the mid-point of next year, with an actual fall-off expected after this as defence networks catch up, fast.
However, over the Christmas and New Year’s holidays, vigilance should remain high. With that, Mark Kellett, CEO of Magnet, walks us through his 10 tips for Christmas ‘cybercare’:
- Emails: “The biggest threat to you throughout the year will come in the form of emails. The unscrupulous cyber-criminal will try to pull on the Christmas heartstrings, and may use well-known charitable campaigns to try to draw you in. It is important that staff are aware of such emails and that they do not accidentally welcome hungry hackers into the network.”
- Capabilities: “Staff training is also extremely important so that everyone is aware of what a phishing email can look like. As well as knowing what threats look like, staff should know that they should never share their passwords internally or via email, and passwords should be changed on a regular basis, ideally every 30 days.”
- Strong passwords: “Longer, more complex passwords will make it harder for criminals to breach your system. Use symbols instead of letters, such as: Rud@€ph or $@nt@C!@u$. If you have a website that provides a portal or information to your customers like orders or invoices, you should ensure that they choose strong passwords to access your website.”
- Don’t store sensitive customer data: “If you use a payment processor like Stripe or PayPal, customer credit card data is not stored on your website, so that removes one significant headache of data storage. However, you will still have customer address data for deliveries, email addresses and perhaps a password to access your website’s order system. It’s crucial that you keep this database of customer details safe and secure, by ensuring your website is on a reputable, secure web hosting company.”
- Online selling – install verification systems: “All of the credit card gateways commonly used by Irish businesses fit into this secure category, so don’t be tempted by low commission rates elsewhere. Use a familiar, proven name to get your website trading online.”
- Set up system alerts for suspicious activity: “Many shopping cart systems have built-in features to monitor events like multiple orders placed by the same person using different credit cards, phone numbers that are from markedly different areas than the billing address, and orders where the recipient name is different than the cardholder name. If you sell online via your own website, learn about your shopping cart system and enable security features that will alert you to suspicious transactions.”
- Layer your security: “Website security isn’t reliant on a single solution, but on layers of security that keep unwanted visitors at bay. If you’re hosting your own website on a server, install a firewall. If you have a shopping cart, make sure users need to log in with a validated email address, and use CAPTCHA on forms and orders to minimise the number of automated, or ‘bot’, requests made to your website.”
- Monitor your site regularly. Make sure whoever is hosting it is, too: “You can’t watch your website day and night, so use automated tools and analytics to do the work for you. It’s the equivalent of having security cameras in your shop. Make sure whoever is hosting your website monitors for malware, ransomware, viruses and other harmful software, as well as unwelcome visitors.”
- Make sure you or whoever is hosting your site has a disaster recovery plan: “You may have a plan if there were a physical break-in, but it’s also necessary to put together a strategy to recover following a security breach. It is not enough to put the hacker on your site’s naughty list for next year, so a timely plan needs to be prepared in order to prevent even more damage being caused.”
- Ensure that your URL is secure: “Customers will look for https in their browser bar and a padlock icon when shopping. That way, they will know that the website and their details are encrypted and secure. It is also best to advise your customers not to make purchases over public Wi-Fi as they can be prone to electronic eavesdropping.”
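
The three signals named in the "Set up system alerts for suspicious activity" tip can be expressed as simple rules over order records. The following is an added example, not part of the original article or any shopping cart's own code; the field names, the `max_cards` threshold and the sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict

def order(oid, email, card_token, cardholder, recipient, phone_region, billing_region):
    # card_token: opaque per-card token from the payment processor (assumed field),
    # so no card number is ever stored on the website.
    return dict(id=oid, email=email, card_token=card_token, cardholder=cardholder,
                recipient=recipient, phone_region=phone_region,
                billing_region=billing_region)

# Constructed sample orders.
ORDERS = [
    order(1, "a@example.com", "tok-111", "Aoife Byrne", "Aoife Byrne", "Dublin", "Dublin"),
    order(2, "b@example.com", "tok-222", "Brian Kelly", "brian  kelly", "Cork", "Cork"),
    order(3, "c@example.com", "tok-333", "Ciara Nolan", "Sean Murphy", "Galway", "Dublin"),
    order(4, "d@example.com", "tok-444", "Dara Walsh", "Dara Walsh", "Limerick", "Limerick"),
    order(5, "D@example.com", "tok-555", "Dara Walsh", "Dara Walsh", "Limerick", "Limerick"),
    order(6, "d@example.com", "tok-666", "Dara Walsh", "Dara Walsh", "Limerick", "Limerick"),
]

def normalise(name):
    # Compare names ignoring case and repeated whitespace.
    return " ".join(name.casefold().split())

def flag_orders(orders, max_cards=2):
    """Return {order_id: [reasons]} for orders that should be reviewed by a person."""
    cards_by_customer = defaultdict(set)
    for o in orders:
        cards_by_customer[o["email"].casefold()].add(o["card_token"])

    alerts = {}
    for o in orders:
        reasons = []
        # Same customer paying with more distinct cards than the threshold allows.
        if len(cards_by_customer[o["email"].casefold()]) > max_cards:
            reasons.append("multiple_cards")
        # Phone number region differs from the billing address region.
        if o["phone_region"] != o["billing_region"]:
            reasons.append("phone_billing_mismatch")
        # Recipient differs from cardholder (gift orders also trigger this,
        # so treat it as a prompt for review rather than a block).
        if normalise(o["recipient"]) != normalise(o["cardholder"]):
            reasons.append("recipient_cardholder_mismatch")
        if reasons:
            alerts[o["id"]] = reasons
    return alerts

if __name__ == "__main__":
    for oid, reasons in flag_orders(ORDERS).items():
        print(oid, ", ".join(reasons))
```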