Why strong cybersecurity makes for happy holidays

Marc Thaler

You don’t have time to make holiday shopping a priority? Here’s a strong suggestion: Reassess what’s important.

It’s not for the reason you think.

The holiday season – defined as the post-Thanksgiving period between “Black Friday” and Christmas – is just 26 days this year. (It was 31 days in 2012.) The short shopping window, open only one day longer than last year, is again expected to drive time-crunched consumers to the Internet.

You work with, and for, many of these people seeking a crowd-free, more convenient experience. They access the corporate network you manage, and they use an array of machines and mobile devices to do it. If you weren’t previously concerned with the websites your colleagues visit while connected, you need to care now.

In fact, before reading any further, circle December 1 on your calendar. The last thing you want is “Cyber Monday” sneaking up on you. Here’s why:

“The Monday after Thanksgiving has become known as the biggest online shopping day of the year, with companies offering discounts galore to entice customers. But it’s also a day that scammers hope to use to their benefit by trying to lure in victims with offers that sound too good to be true. From fraudulent auction sales to gift card, phishing, and social networking scams and more, cybercrime schemes are ever-evolving and, unfortunately, still successful.”

That warning was part of an FBI blog post published at the start of last year’s holiday shopping season. It still applies, especially when you consider Forrester Research’s prediction for 2014 US online holiday sales: They’re expected to hit a new high of $89 billion, representing a 13% increase from 2013.

Meeting that mark requires quite a bit of web surfing. There’s a lot at stake for the users you protect, not to mention the company itself.

And that’s precisely why IT pros must remain on high alert. All the attention paid to high-profile security breaches in the past 12 months, while newsworthy, has a downside that shouldn’t be dismissed.

“We’ve reached the point where it’s tough to keep track of all the companies that have suffered a security breach. We, as consumers, know it’s a serious issue. But it’s only natural to grow desensitized to the danger,” says LOGICnow Security Lead Ian Trump.

It is critical, Trump says, that IT admins preach and teach these basic best practices. They’ll benefit the business and its users:

  • “S” marks the spot. Use encrypted web pages whenever possible. Remind users to look carefully at the URL address of a page before entering personal data such as credit card information. Make sure the address starts with “https://” and stay alert for certificate warnings, which indicate a site may be compromised.
  • Off limits. Do not allow users to surf the web as a local administrator. Only authorized IT pros should have access to this account, which features several “super user” capabilities tied to settings, configuration and software installation.
  • All clear! Always clear the browser cache—before and after a web session. This is particularly easy to do; the most difficult part may be ensuring users make it a habit. Clearing the cache is usually done in the settings or options portion of the browser. (Furthermore, using a browser’s latest version is also important.)

According to the 2014 Allianz Risk Barometer survey, the top 10 global business risks include two new entrants: “cybercrime, IT failures, espionage” at No. 8, and “theft, fraud, corruption” at No. 9.

Cybercrime made the biggest leap from a year ago, climbing seven spots.

What role are you prepared to play in policing the browsing habits of your end users? Your answer will go a long way in determining if the holiday season is indeed enjoyable.

–––––––––––––––––––––––––––––––––––––––––––––––

Want to know more about security? Then check out the videos serious by our security lead, Ian Trump…