As both a consumer and an enterprise security pro, I encourage you to take a few minutes to look through our annual “12 SCAMS OF THE HOLIDAYS” list. Four of the top tricks might spark an enterprise incident that could take you away from your holiday festivities. All of these scams are things employees, family, and friends may experience.
Just like you, I know I’m going to be the tech support volunteer and the font of all Internet wisdom around the wassail and sports bowls this year. Discussing these scams is a way we can all make safe security practices relevant and accessible to colleagues, grandparents, and tweens.* For instance, the infographic is a great thing to feature in your corporate security awareness newsletter (or if you are a geek like me, your family holiday letter).
Since the infographic was primarily written for consumers, for this blog I picked out the 4 most relevant scams and added an “enterprise” enrichment:
- Year in Review Traps — Many news services capitalize on the holidays by developing “Year in Review” articles. Companies should warn their employees about the risks of clicking on these types of links from their work emails. Links from phony sources could infect and compromise the security of company devices.
The corporate flavor of the year in review is “Predictions for 2015.” While the McAfee Labs predictions list should be safe, of course, we might see watering hole attacks that target communities of interest with these lists. Make sure your web gateways scan websites and downloads for malware.
- BYO…Device — With an increase in travel, activity (and bubbly!) over the busy holiday season, people are more likely to forget their smartphones in public places. While inconvenient for them, it is also a way for hackers to access sensitive personal information and business data if the appropriate security measures are not in place.
This one doesn’t need a translation, just a reminder that tablets and laptops carry even more sensitive data than smartphones and offer even more appeal to thieves. Enforce use of complex passwords and strong authentication on all mobile endpoints, as well as encrypted storage or whole-device encryption.
- Bad USB Blues — During the holiday season, you may see an increase in gift baskets from vendors who want to continue doing business with your company in the upcoming year. Branded USBs are among the most popular items in these baskets. Beware of allowing your employees to use these, as undetectable malware is sometimes pre-installed on them.
A holiday gift is a gold-plated opportunity for a determined attacker to deliver a malware-laden USB into your building. Simple social engineering would net them a legitimate vendor name and a contact name in your finance, sales, product development, or manufacturing organization. They then drop off a nice basket of treats, and the giftee’s host (your employee’s machine) is compromised. Use device controls to lock out use of unknown USB sticks and set endpoint security to scan for malware when USB devices connect.
- You’ve Got Mail! — As holiday sales continue to migrate online, the risk of shipping notification and phishing scams is increasing. Though malware is a year-round risk, since many people do their holiday shopping online, consumers are more apt to click on a shipping notification or phishing e-mail because they think it is legit.
Many employees may check mail or shop using company email addresses. Further, Internet services like Gmail, Box, Google Docs, and the Apple Store often have legitimate business uses but also provide camouflage for phishing. If an attacker can use phishing to capture account credentials, they can gain entrée into your enterprise. Advanced phishing protection includes email filtering, advanced anti-malware, URL scanning before and after clicking, and sender identity verification (to validate trusted business entities). Cool infographic: http://www.mcafee.com/us/resources/misc/infographic-phishing-quiz.pdf
Those are the big business ones. Unwrap the rest of the holiday scams in our 12 Scams infographic.
*As incentive to evangelize safe security, McAfee and Dell’s Season of Sharing Sweepstakes* rewards you for sharing advice with family and friends, with prizes including a $1,000 gift card to Dell.com** along with the McAfee LiveSafe service.