Shop ’til you drop with security solutions in tow

March 7, 2018 4 Minute Read

Computer hacking—once a practice confined to the realm of Hollywood and international spies—has now become a worldwide phenomenon. No one is immune.

With holiday purchase flashbacks coming in one bill at a time, it might be a good opportunity to give your employees an online shopping security refresher. What on Earth does online shopping have to do with you and your IT department? Well, considering Cyber Monday only became a thing thanks to the droves of 9–5ers using office infrastructure to score online deals, it’s at least worth a look. For instance, most workers in a bustling office environment use headphones or earphones to focus, so it’s telling that last Cyber Monday saw a 55 percent spike in headphone sales.

Here are a few helpful tips to highlight computer security in your next IT newsletter:

1. Don’t believe everything you see

It’s almost a shame this needs to be said, but gullibility is one of the most versatile tools a cybercriminal can use. Your users need to understand that a little research can go a long way when it comes to not becoming a victim. Everything from online coupons and ads to actual websites can be spoofed. In the case of websites, make sure your users know to check the text to the left of that .com in their URL—there is a “.com,” right?! When it comes to digital coupons and ads, simply checking the source before following links will keep them from being duped. It really comes down to instilling a healthy level of suspicion.

2. Variety is the spice of life

Or, in this case, it is the one thing that might protect you from attack. Encourage your users to use more than one password for their digital lifestyle. Sure, you’ll get plenty of eye-rolls on this one, but it needs to be done—and enforced. If nothing else, make sure they can’t possibly use their work passwords as their personal shopping passwords. Things like password expiration and dual authentication will make this goal much more attainable.

3. Stay true to the source

It can be tempting to shop straight from links and posts left on friends’ social media sites, but as we saw with point number one, that can be a slippery slope. Instead, show users how to ensure the site they’re surfing and shopping on is safe.

Teach them the basics of a website address and how to make sure they’re using a secure connection. Simple things, like checking that lock symbol in the address bar, can keep people on the beaten—read: safe—path. If you really want to send the message home, you might want to print off “https://—not http://” on tiny sheets of paper and hand them around the office like fortune cookie prophecies, so employees know to avoid connecting to insecure domains.

Take security solutions into your own hands

User education is a worthwhile endeavour, don’t get me wrong. That said, if your general user base is composed of humans, they’ll eventually make mistakes. Take some practical precautions to protect your environment when those looking for shopping deals hit the interwebs.

  • Email: Spam quarantines are easy to set up and refine. There’s simply no excuse not to have at least one spam quarantine filtering incoming messages. And when it comes to user education, an effective training will keep phishing top of mind for employees—always. Unlike Janice, who forgot all about phishing on her birthday, and The Wolf expected exactly that.
  • Automation: While you’re at it, go ahead and automate other areas of your cybersecurity strategy, too. Software patches immediately come to mind. From workstations to your printer fleet, automated patching of both software and firmware keeps your environment’s vulnerabilities to a minimum. Such security solutions can also free up more of your time to focus on other tasks, like another phishing tutorial.
  • Encrypted backups: Make sure sensitive data is encrypted and backed up, no matter where it comes to rest. The former will protect it from prying eyes should it ever fall into unauthorized hands; the latter will protect you should one of the many flavours of ransomware find its way into your network.

We’re not even going to hint you should try to make it impossible for users to shop from work. Not only is it a terrible way to tackle cybersecurity, but it’s a fool’s errand. Stick with simple education and accompanying secure systems to safeguard users’ online use for a far better outcome—and keep an eye out for any vulnerable sheep in your herd.
