December 12, 2018

’Tis the season to be secure

Carl Leonard Principal Security Analyst

In this season of good will it is important that we as security professionals share our knowledge with friends and family who are less tech savvy than us. Give the gift of security and safety over the holiday period by helping them out as they shop online, get acquainted with new devices and navigate the cyber landscape during a time when seasonal scammers ramp up their activity.

Don’t give an attacker your identity

Cybercriminals are not just interested in plundering funds during the holidays – they are looking to give themselves identities that can be repurposed to access accounts or used for fraud. Protect login credentials and keep them safely wrapped up (in a password manager or memorised).

Buying presents online

While your friends and family ask you what you’d like for Christmas remind them that attackers ramp up their seasonally-themed lures at this time of year. To ensure their safety while shopping online pass along these tips:

  • Use trusted online shops and payment services. Scammers know the excitement of seasonal shopping can cloud people’s judgement when presented with a bargain or two. Consider how much you would trust an offer contained within an unsolicited email and pass that wisdom to your friends.
  • Once the presents have been ordered online watch out for delivery and postage scams. The email letting you know you have an outstanding debt to pay on your delivery may be a bot trying to acquire login credentials or personally identifiable data. Check its source.
  • The traditional sales on offer after Christmas or New Year’s Day can invoke a buying frenzy. Ask your family members to be especially on guard at these times.

New phones

If you or your family members are lucky enough to receive a new cell phone there are a few actions you can take to ensure the device is as secure as possible.

  • Help them to set up authentication on the device (a pin or passcode to support the fingerprint or facial recognition).
  • Upgrade to the latest version of the operating system and update apps too.
  • Don’t download dodgy or off-store flash-in-the-pan apps offering to let you know your Elf Name. Check the reviews of any suspect app and install a mobile anti-virus app to stop those malicious apps getting a foothold.
  • Consider enabling cloud backup for those festive pics should the phone go missing.
  • Enable phone location discovery via the built-in apps or install a third-party app to achieve the same. This will help should the phone be stolen or the owner mislay it due to one too many sherrys.
  • Warn your friends and family about making un-vetted connections over social media and oversharing personal data.

Voice assistants

What better way to solve the debate of how to cook a family meal then asking Alexa for the recipe?  While some of us may find a voice assistant under the tree it is important to review the security of the network it is being connected to.

  • Take the opportunity to change any remaining default WiFi passwords to something else more secure and unique.
  • Ensure anti-virus is installed on the other devices connected to the network, including cell phones, laptops and desktops.
  • Update the router to the latest patches while you are in there.

Give the gift of a credit score check

While I can think of more fun presents, in this age of data breaches it can put people’s minds at ease to know how to perform a credit score check or bank account transaction review. There are multiple free services, or annual subscriptions that can be had for a modest fee, that permit regular checks or generate alerts when something is amiss. Online banking apps are rather secure these days and can permit quick checks to ensure no unusual transactions have been made on accounts used to shop online.

Before you leave work for the holiday break

Attackers unfortunately don’t slow down during the holidays. They realise businesses are vulnerable as vital staff take a much needed vacation.

  • Ensure you have an incident response plan in place for your organisation that is ready to execute should the worst happen when a parcel of personal data and intellectual property is delivered down the attacker’s chimney of stolen information.
  • Don’t put too much personal information, names, job titles and phone numbers in your Out of Office message. A phisher could take advantage of your Out of Office reply to perform social engineering on your colleagues or suppliers.

Season’s Greetings

We wish all of our readers and customers a very happy holiday season and a prosperous New Year!

See you in 2019.

Carl Leonard

Principal Security Analyst

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...

Read more articles by Carl Leonard

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.