10 tips to help organizations stay secure this holiday season

Optiv Security shared a list of the top 10 things organizations can do to help them stay secure during the holiday season.

1. Know who on your security team is on vacation and have a plan. One less person could result in holes in your security program and potential attacks going undetected. Review procedures and response plans, and make sure you know who is filling in where and when.
\t\t\t\t
2. Answer unknown phone numbers. This seems contradictory to what many people might believe, but an unknown number could be a notification from your organization’s bank or corporate credit card company informing you of a potentially fraudulent purchase or withdrawal. Make sure your accounting teams know to answer any phone calls they receive.
\t\t\t\t
3. Familiarize appropriate teams with fraud protocols. Numerous small charges on a corporate credit card can go undetected for some time. As such, it’s important for executive assistants, accounting professionals and any other employees who handle statements for these accounts to be familiar with your credit card company’s protocol for flagging odd-looking purchases.
\t\t\t\t
4. Educate employees on how to identify a phishing attack. Popular phishing attacks around the holidays include failed delivery notifications that instruct the recipient to click on a link or open an attachment, and fake billing statements that appear to come from credit card companies regarding recent purchases. Employees should carefully read the email and contact the company directly instead of clicking on any links or opening attachments.
\t\t\t\t
5. Ensure employees are empowered to report cyber attacks. While teaching employees how to protect themselves is important, it is equally important that employees know they can report concerns without retribution. If an employee’s machine has been compromised, you must ensure they immediately report the issue instead of attempting to resolve it on their own.
\t\t\t\t
6. Be extra vigilant about unwanted visitors inside company facilities. All employees should watch for people trying to tailgate behind employees or use social engineering tactics to gain entrance into facilities, and pay close attention to people attempting to make deliveries. Make sure they ask to see proper identification and pick up packages in the lobby or have the receptionist keep them. If visitors are permitted into main areas, make sure they are escorted throughout the facility at all times.
\t\t\t\t
7. Limit what information is included in out of office email and voicemail messages. Employees should keep messages generic and not provide details on where they plan to travel. They should brief their designated contact person about any active projects and instruct them what to do in case of an emergency. Those individuals may be targets of social engineering attacks that attempt to coerce the individual into taking action such as wiring money for a business deal.
\t\t\t\t
8. Be careful what your company posts on social media channels. For example, posting a comment on the company Facebook page about all employees leaving the office early to attend a holiday party offsite could leave the office susceptible to a physical or cyber attack if employees are not available to closely monitor facilities and networks. Individuals responsible for social media accounts should wait to post any reference to offsite employee gatherings until after they occur.
\t\t\t\t
9. New technology = new opportunities for hacking. New mobile devices are a hot holiday item, and employees could be using them to hold your company’s data. With every new technology there are exciting new features, but not all of them have been developed with security or privacy in mind. Be diligent and understand what new technology is coming in your door and inform users on the basics of patching, policy and privacy. Also, educate users on how to connect to corporate Wi-Fi, free Wi-Fi and other hotspots, and provide guidance on how to be secure with each.
\t\t\t\t
10. Patch. Patch. Patch. Update company software to the most current versions that include important security updates to protect computers against the latest known threats.