The Danger Within: Risking it all during the holidays

Our work and personal lives intersect with the help of the Internet. At home, we immerse ourselves in social media- such as Facebook and MySpace- sharing photos, documents and applications with friends and family through Dropbox. At work, we leverage business tools- such as LinkedIn and Salesforce- sharing business documents with These tools keep us connected and give businesses the technological advantage to compete on a global scale.  Moreover, with the widespread use of personal smartphones, tablets and laptops at the workplace, more employees have access to sensitive company data at any time and any place with a simple swipe, click or tap.

A recent report found that more than 81 percent of Americans are using their personal devices for work, whether they are protected or not. For small businesses, the growing adoption of a liberal bring-your-own-device (BYOD) policy is often the most cost effective solution. However, many of these businesses have absolutely NO security requirements for those devices, as well as poorly enforced Internet usage and privacy policies. As a result, confidential data, critical records and customer privacy are all vulnerable to the potentially inadvertent actions of these employees as they use those same devices for personal online activities.

Most employees don’t realize their online behaviors are risky. They may not think twice before opening a phishing email or clicking a link to a risky website if they don’t know how to spot these threats or understand their destructive impact. Employees may not realize that a simple click on an infected Web page can open a backdoor for hackers and cybercriminals who are just waiting for an entry point into your business.

The list of risky behaviors is quite extensive and has the potential to put business data and customer privacy in the hands of cybercriminals, such actions as:

  • Employees disclosing passwords to colleagues or family members
  • Transferring files over unsecured networks
  • Sharing devices with others; and even
  • Using personal cloud applications for business, i.e., Dropbox or Google Docs (which have their own vulnerabilities)

This trend, while compelling from a cost standpoint, should be leveraged carefully. SMB owners must first take another look at how they are protecting their confidential information before offering employees the freedom to use their personal devices in the workplace.

As this holiday season approaches, it is even more urgent for business owners to monitor and secure any device touching company data. This time of year, more than any other, finds employees shopping online with any and all of their personal and business devices, even during work hours. According to ISACA, almost 65 percent of employees don’t verify security settings when shopping online and use their work email address to confirm purchases. This holiday shopping behavior can have devastating consequences to your business – one false click and a cybercriminal is having a “holiday” of its own at your expense.

Below are six of the most common risky holiday online behaviors every business owner should be aware of and to educate their employees on about the potential risks associated with each:

  1. Entering credit card information on unsecure / unfamiliar websites– Restrict shopping on sites that offer a secure shopping experience: a URL starting with https and the padlock symbol displayed in the low menu bar of your browser.
  2. Purchasing on price alone– A well-known trend at Christmas are knock-off sites. These websites are usually new, have no existing online reputation, offer products at exceedingly low prices and deliver low-quality counterfeit products.
  3. Downloading holiday greeting cards and multimedia files from unknown sources – Only click on links from senders you know and sites you trust. If you must open an attached file, make sure your antivirus software is up-to-date.
  4. Opening holiday phishing emails and clicking on included links to fake websites – The holidays are a busy time for cybercriminals, be sure to avoid any suspicious looking emails. When in doubt: DELETE Risky pic
  5. Downloading unauthorized Holiday apps on business or BYOD devices – Cybercriminals are taking advantage of your holiday spirit by tempting you with cute, fun holiday apps. McAfee’s Consumer Trends Report found that the U.S. is the second highest source for malicious apps downloads. Only download apps from reputable sources and ensure your virus and Web protection is turned-on.
  6. Using or leaving behind laptops, smartphones, USB or hard drive devices with company data on them – Holiday gatherings are fun times to share photos and business success stories. But these events can get very hectic and it is easy to be so distracted that we leave our devices unattended or even misplace them altogether. If you must take a device with you to family or work gathering, ensure you have encrypted the data on your hard drive as a precaution against theft or loss.
  7. Logging on to “Free Wi-Fi” hotspots or unsecure networks on your holiday travel – Free Wi-Fi is almost commonplace in the U.S. – making it easy to stay connected to work and home. According to an Informa study by 2015, users around the world will be able to connect to 5.8 million public hotspots. It is advised that you use these services only if you are accessing your business data through a VPN or you have encrypted all information being transmitted.

Awareness and education are essential to the fight against cybercrime from entering your business. It is critical to educate employees on how to navigate the Web safely and productively with their personal and work devices. It is equally important to invest in proper security solutions to protect all devices (regardless of who owns them) 24 hours a day, seven days a week.

Comprehensive business security doesn’t have to be expensive; it just has to be “comprehensive.” Choose a security solution that offers complete computer, email and Internet security – such as McAfee Security for Business. This all-in-one solution protects employees and endpoint devices from threats that target confidential data, critical e-mail and web vulnerabilities. Cloud-based, maintenance-free, affordable comprehensive protection for your business regardless of your employees’ locations. Don’t wait until it’s too late to invest in the security of your company and customer data. For a more in-depth look into security solutions for your SMB visit

Leave a Comment

1 + eight =