Cybersecurity Reminders for the Holiday Season Facebook LinkedIn Twitter Email Pedro PereiraDecember 1, 2016August 30, 2017 LinkedIn Viewed: 2929 TAGSVARLifeIsOnIT solution providerCyberSecurityretailsecurityinternetRansomwarecyber attackholidayPhishingDrive-by DownloadsPlug-in Vulnerabilities Holiday shopping this year is projected to grow by 11.5 percent compared to the last holiday season, with retailers raking in $91.6 billion in sales. Much of that shopping will take place online, which means users will be logging on and off retail websites while attending to other tasks. In the office, a distracted user is a security liability – the kind cybercriminals are adept at exploiting to carry out cyber attacks. To prevent security incidents, IT service providers should remind clients of the cyber dangers that are always lurking, especially at a time of year when people are easily distracted, and work with them to instruct users to recognize and avoid threats. Cyber attacks have become a commonplace occurrence. Because of their frequency, users can start to view them as a kind of new normal and, as a result, become immune to the risks. This is dangerous, and needs to be avoided. So as users go about their holiday prep and shopping, here are some of the threats providers need to remind customers about: Phishing A recent study found 85 percent of organizations have suffered a phishing attack. Most cyber attacks these days start with phishing or spear phishing. Both involve tricking users by email into clicking an infected attachment or URL. While phishing typically targets groups blindly, spear phishing is more targeted, giving the appearance the email came from someone the user knows. Introduce clients to awareness programs and anti-phishing tools that teach users how to spot and avoid phishing attempts. Ransomware Earlier this year, anti-phishing vendor PhishMe discovered 93 percent of phishing emails contain ransomware, which prevents users from accessing data on their computers. To regain access, users have to pay fees ranging from $100 to more than $10,000. Ransomware has become the biggest cybersecurity threat, according to ZDNet, and is likely to remain so well into 2017. Make sure clients understand ransomware risks and back up regularly to avoid losing data in the event of an attack. Drive-by Downloads Drive-by downloads surreptitiously install malware into a computer when the user visits a legitimate website that has been compromised. The malware typically hides in the background until it executes the action for which it was designed. This could include stealing information, reformatting a hard drive or turning the machine into a netbot controlled remotely by cybercriminals. To prevent drive-by downloads, make sure clients keep all software up to date, implement web filters and give users access to only the systems they need for their jobs. Plug-in Vulnerabilities Cybercriminals are always looking for new vulnerabilities in file formats such as used PDF, HTML, and Macros in Word documents, as well as tools such as Java, Visual Basic and Flash. Keeping these tools and programs up to date by applying security patches as they become available makes it harder for hackers to exploit them. Work with clients to ensure users aren’t ignoring patches, which is best accomplished through automated patch management. Social Media Threats Many users over-share on social media, failing to realize that cybercriminals can find ways to access a lot of the information they post. Hackers have been known to use this data to craft phishing emails that trick users into clicking infected attachments or URLs, something businesses can avoid through user education. All of these security risks are a concern no matter the time of year, but as users get distracted with the pressures of the Holiday season, this is a perfect time to review client strategies to protect their networks against cyber attacks. For more on cybersecurity: https://www.cio.com/article/3106072/security/best-practices-to-improve-cybersecurity.html https://securitytoday.com/blogs/reaction/2016/11/3-ways-to-avoid-cybersecurity-threats-this-holiday-season.aspx Interested in accessing additional resources for your business, check out the APC by Schneider Electric Channel Partner Program.