With Thanksgiving upon us, it means Cyber Monday is a few days away. You know, it's that day those people who were smart enough not to get up at oh dark thirty on Black Friday surf the Web to look for deals. Undoubtedly, it's a headache for IT security and risk managers everywhere, but not because employees are cyber shopping on company time.
It's a pain more because hackers are as aware of employee online shopping habits as management is, and they're waiting for the chance to get at the corporate network, according to Network World. Writer Bill Brenner compiles a list of security tips for Cyber Monday. Though it's too late to implement some of them for this year, all of them warrant consideration as part of anyone's risk management plan for the year to come.
Particularly so for Brenner's No. 2. He says:
Save users from themselves...Since employees are going to do this anyway, Accuvant Labs' David Bonvillain says they should at least be educated on how to do it safely: "Awareness of common techniques and an understanding of how to identify malicious content can go a long way toward proactive prevention. Keep in mind that these types of attacks are also pervasive over IM and social networking technologies and are not simply limited to traditional Web browsing."
In other words, teach your employees how to recognize common scams and malicious content, and issue Cyber Monday reminders prominently.
Other suggestions included in the list: monitor the network; make sure the security software, including browser enhancements, are functioning; and encrypt everything.