The coming of the holidays – and Black Friday and Cyber Monday -- means one thing to corporate and retail security personnel. It’s not mistletoe, egg nog and good cheer. It’s the threat of cybercrime.
Hopefully, your network is well protected and Cyber Monday is just another day to you. But if not the EIQ Networks lay out some useful steps for companies worried about the onslaught of traffic on those busy days.
The first is to ensure that brick and mortar staffers know which cyber end is up. The onslaught will run staffers ragged and leave them susceptible to phishing attacks. Thus, it is important that they don’t skip any security steps and refrain from taking other short cuts.
Tools should be in place that track activity on the network so that forensic teams can later track and eliminate the threat if the system is cracked.
Tim Greene at Network World focused in an article last year on the variety of malware that, at least at that point, was threatening shoppers and networks. These include Zeus (active, the story says, since 2007), BlackPOS (since 2013) and Dyre/Dyreza (2014). Though the article is not new, there is little reason to think that the situation has changed significantly.
There is no new or different technology that network operators or online retailers can bring in for cyber Monday, other than high quality firewalls. Instead, both employees and shoppers have to be ready. To the extent possible, retailers should urge that shoppers use reputable sites, be careful of pop ups and ads on other sites- they may have been placed there by less than legitimate businesses --and make sure that online payments are made only at “HTTPS” sites.
Companies with retail websites are advised to double check on security arrangements. Make sure technology – such as Meraki firewalls – are configured correctly. Mo Elnadi Cognizant discusses what to do if a problem does occur. The story suggests that the online staff plan as a team, listen to social chatter (if an abnormality or hack occurs), test infrastructure and use analytics to predict and follow trends.
There is no magic bullet to preventing cybercrime and the risks rise during the holiday season because traffic rises – putting stress on the network – and the bad guys get into the negative version of the spirit of the season. For them, the period between Thanksgiving and Christmas is what the period from mid-March to April 14 is for accountants. The key is to plan early, check the network to make sure it is bullet proof, over-provision network security and, if something does start to go wrong, call us.