The holiday season is something many of us look forward to each year. Unfortunately, it’s a “most wonderful time of the year” for bad actors and cyber attackers as well. To help keep you and your team safe, we’ve put together a few tips to protect you from potential cyber threats.
Tips to Protect Yourself From Potential Cyber Threats
Watch for phishing attacks
Phishing attacks are always a favorite, especially in retail and doubly so during the holidays. According to a recent article, hackers try to take advantage of the busy season by targeting users with phishing attacks, such as fake emails that appear to come from retailers or well-known organizations that are popular during the holidays.
During a recent Fortified Roundtable, several attendees shared stories of people they know who’ve fallen victim to phishing attacks this year. User education on phishing attacks is one of the first lines of defense – and quite impactful. Reminders about phishing attacks during the holidays are also a great way to help raise awareness.
Shopping Tips
As much as we might like to lock down our company networks to prevent employees from browsing social media or shopping online, it’s just not feasible, nor does it foster good employer-employee relations. But the reality is that e-commerce drives online fraud.
If you make online purchases, not even the most reputable retailers can guarantee your personal data’s safety. We advise you to educate your employees about the importance of keeping personal and business accounts (email, payment, shipping) separate, to limit the chances of a crossover malware infection.
Segmentation of personal and business accounts will also help in the event there’s an incident involving financial institutions or information. Fraud is high this time of year, with threat actors seeking to drain any account. Again, reminders to your team about cyber hygiene best practices are advised.
One of Fortified Health Security’s partners, KnowBe4, offers the following considerations for making online purchases, which are valuable tips that can be shared with your team:
- Refrain from shopping on social media
- Only browse and shop on sites you’re familiar with or that are reputable
- Verify links by checking domain spellings – malicious sites often have slight modifications or can also be entirely unfamiliar
- Monitor credit card usage after transactions
- Verify confirmation emails are authentic before clicking on anything
- Check to ensure the domain is secure (https vs. http)
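For teams that want to automate the domain-spelling and https checks from the list above, here is an added example (not from KnowBe4 or Fortified Health Security). The allowlist, the character-swap table and the one-typo threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (reserved .example names); use the sites your team really shops on.
KNOWN_DOMAINS = {"bigretailer.example", "parcelpost.example"}

# A few character swaps common in lookalike domains (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(name: str) -> str:
    """Fold visually confusable characters so 'examp1e' and 'example' compare equal."""
    return name.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, known=KNOWN_DOMAINS) -> dict:
    """Return the host, whether the link uses https, and a verdict:
    'known', 'lookalike' (with the domain it imitates) or 'unfamiliar'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    result = {"host": host, "https": parts.scheme == "https",
              "verdict": "unfamiliar", "resembles": None}
    for good in sorted(known):
        if host == good or host.endswith("." + good):
            result["verdict"] = "known"
            return result
    for good in sorted(known):
        # Compare the same number of trailing labels as the known domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if (skeleton(tail) == skeleton(good)          # character swaps
                or edit_distance(tail, good) == 1     # one typo away
                or good in host):                     # real name buried in another host
            result.update(verdict="lookalike", resembles=good)
            return result
    return result
```

A "known" verdict over plain http, or any "lookalike" verdict, is worth a second look before clicking; https on its own only means the connection is encrypted.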
Another important tip for your team is to remind them not to click links in emails asking to verify information. Instead, advise them to navigate to the account’s website directly, log into their account, and verify the request.
Password and Multifactor Authentication
This is a great time of year to do something you and your team may have been putting off…changing passwords and activating Multifactor Authentication (MFA), which usually involves setting up an additional layer of security such as a PIN or a question-and-answer challenge. Let’s be honest, at least one account (or more!) has been bugging you about a password change or enabling MFA for a while now.
Some best practices on passwords:
- Change passwords at least every 90 days. Many organizations have more rigorous standards, but this is a baseline.
- Storing passwords in your browser is handy, but it’s not secure.
- Avoid password reuse, and if possible, implement procedures to prevent users from reusing “most” of a previous password.
Mixed passwords are not easy to recall, but password managers can help manage them. Password managers are a great security enabler, especially when considering the recommendation to avoid password reuse. But the password manager itself should be protected by a complex and lengthy password, passphrase, or even a full sentence.
Password managers also make it easier to use complex passwords, both personally and professionally, because the burden of remembering all those different credentials goes by the wayside.
If you haven’t enabled MFA on your accounts, consider making it a resolution for 2023. It can take a little bit of time but can save you or your healthcare organization from a major incident. A Dark Reading article shared some eye-opening statistics:
- There are 921 password attacks every second — almost double what we saw a year ago
- Basic security hygiene, like multifactor authentication (MFA), can protect against 98% of attacks
Unlike that fitness resolution that can take months to deliver results, doing a significant amount of cyber hygiene and turning on MFA can be done in a few hours – and will protect your healthcare organizations, patients, and personal information.