Computer hacking—once a practice confined to the realm of Hollywood and international spies—has now become a worldwide phenomenon. No one is immune.
And with prime shopping season upon us, including major retail holidays like Black Friday and Cyber Monday, you may want to give your employees an online shopping security refresher. What on Earth does online shopping have to do with you and your IT department? Well, considering Cyber Monday only became a thing thanks to the droves of nine-to-fivers using office infrastructure to score online deals, it’s at least worth a look.
Here are a few helpful tips to highlight in your next IT newsletter:
1. Don’t believe everything you see
It’s almost a shame this needs to be said, but gullibility is one of the most versatile tools a cybercriminal can use. Your users need to understand that a little research can go a long way when it comes to not becoming a victim.
Everything from online coupons and ads to actual websites can be spoofed. In the case of websites, make sure your users know to check the text to the left of that .com in their URL—there is a “.com,” right?! When it comes to digital coupons and ads, simply checking the source before following links will keep them from being duped. It really comes down to instilling a healthy level of suspicion.
2. Variety is the spice of life
Or, in this case, it is the one thing that might protect you from attack. Encourage your users to use more than one password for their digital lifestyle. Sure, you’ll get plenty of eye-rolls on this one, but it needs to be done—and enforced.
If nothing else, make sure they can’t possibly use their work passwords as their personal shopping passwords. Things like password expiration and two-factor authentication will make this goal much more attainable.
3. Stay true to the source
It can be tempting to shop straight from links and posts left on friends’ social media sites, but as we saw with point number one, that can be a slippery slope. Instead, show users how to ensure the site they’re surfing and shopping on is safe.
Teach them the basics of a website address and how to make sure they’re using a secure connection. Simple things, like checking that lock symbol in the address bar, can keep people on the beaten—read: safe—path. If you really want to send the message home, you might want to print off “https://—not http://” on tiny sheets of paper and hand them around the office like fortune cookie prophecies, so employees know to avoid connecting to insecure domains.
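The address checks from tips 1 and 3, as an added example that is not part of the original article: a short Python function an IT team could run over links before they go into a newsletter or training handout. The trusted domains and sample links are constructed placeholders, and the function name `check_link` is hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with the retailers your users really use.
TRUSTED_DOMAINS = {"shop.example", "deals.example"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for one link; an empty list means nothing was flagged."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    # https (the lock symbol) only means the connection is encrypted,
    # so the hostname checks below still matter for https links.
    if parts.scheme != "https":
        warnings.append("not https")
    if not host:
        return warnings + ["no hostname"]
    if parts.username is not None:
        # Anything before '@' is login info, not the site being visited.
        warnings.append("text before @ is not the site")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label, may render as lookalike characters")

    # The right-hand end of the hostname decides whose site it is: the host must
    # equal a trusted domain or be a subdomain of one.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        if any(host.startswith(d + ".") or "." + d + "." in host for d in trusted):
            warnings.append("trusted name is only a prefix of another domain")
        else:
            warnings.append("host is not on the trusted list")
    return warnings

if __name__ == "__main__":
    # Constructed sample links using reserved .example and .test names.
    for link in [
        "https://www.shop.example/cart",
        "http://shop.example/black-friday",
        "https://shop.example.coupons.test/deal",
        "https://shop.example@coupons.test/deal",
    ]:
        print(link, "->", check_link(link) or "ok")
```
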
Take security solutions into your own hands
User education is a worthwhile endeavor, don’t get me wrong. That said, if your general user base is composed of humans, they’ll eventually make mistakes. Take some practical precautions to protect your environment when those holiday shopping deals hit the interwebs.
- Email: Spam quarantines are easy to set up and refine. There’s simply no excuse not to have at least one spam quarantine filtering incoming messages.
- Automation: While you’re at it, go ahead and automate other areas of your cybersecurity strategy, too. Software patches immediately come to mind. From workstations to your printer fleet, automated patching of both software and firmware keeps your environment’s vulnerabilities to a minimum. Such security solutions can also free up more of your time to focus on other tasks, like another phishing tutorial.
- Encrypted backups: Make sure sensitive data is encrypted and backed up, no matter where it comes to rest. The former will protect it from prying eyes should it ever fall into unauthorized hands; the latter will protect you should one of the many flavors of ransomware find its way into your network.
We’re not even going to hint that you should try to make it impossible for users to shop from work on days like Cyber Monday. Not only is it a terrible way to tackle cybersecurity, but it’s a fool’s errand. Stick with simple education and accompanying secure systems to safeguard users’ online use for a far better outcome—and keep an eye out for any vulnerable sheep in your herd.