With Cyber Monday and the holidays fast approaching, businesses need to prepare for the prevalence of malware hidden in cheerful holiday greetings, shopping offers and heartfelt holiday videos that are designed to tempt employees to click.
SolarWinds outlined four best practices for businesses looking to keep a mindful watch on their IT infrastructure security as employees (and hackers) take part in the biggest online shopping day of the year.
1. Fortify firewalls – Firewalls are only as good as the rules that you’ve built. Regardless of network size, firewalls accumulate an ever-growing list of redundant rules and objects, along with conflicting rules and unused rules, all of which can cause mayhem in firewall management during the highly vulnerable holiday online shopping season. Ensure firewall rules are up to date in the case you are exposed from the outside or within.
2. Perfect patches – Organizations are prime targets for infestations when businesses assume that their most recent application version is security-proof, they are not up-to-date on their patches, or when they don’t have full account of all the applications installed by end users. Reduce malware exploitations when employees are susceptible to cleverly disguised holiday deal scams by keeping your patches up to date.
3. Monitor internal traffic – Identify where users are chasing shopping deals by continuously monitoring user workstation activity and behavior. With a proxy server, businesses can block certain sites, for example “no shopping,” detecting users who are trying to circumvent the policies in place. Bottom-line: If you allow it, monitor it. If you don’t, make sure it’s blocked.
4. Be on top of bandwidth – With an increased spike and concentration of users utilizing the Internet to browse holiday deals online, this strain will likely impact network bandwidth. Don’t lose sight of attackers who may strike while you’re focused on keeping your network up and running. Be prepared by monitoring network bandwidth and traffic. Additionally, take appropriate action by pinpointing users who are abusing privileges.