Our 12 cyber security top tips for a cyber safe Christmas
As Christmas approaches (anyone else wondering where 2021 has gone?!), many of you will be winding down and preparing for the festivities – with online security being the last thing on your mind!
Unfortunately, cyber criminals are notorious for taking advantage of the holiday season, coercing their way into our digital spaces and cashing in on the season of giving.
With this in mind, our security and cloud experts have provided their top tips to ensure that you enjoy the celebrations, stay cyber safe, and avoid your data being St.Nicked…
The shift towards remote work has resulted in an unprecedented rise in email compromise based attacks, with phishing making up 70% of all data breaches. These attacks are particularly prevalent during the holiday season and our Security Operations Analyst Sam, shares his advice…
“Phishing emails advertising the latest ‘Christmas Deals’ or spoofing well known parcel delivery service providers are very common tactics used by malicious actors.
My advice is to operate a zero-trust policy. Check the wording of the email carefully, and then check it again! Also remember to check the sender, was it really sent from Amazon…? By putting a bit of thought into how we respond to our digital correspondence we can avoid providing digital criminals with the information and access they are trying so hard to gain.”
In addition to vigorously checking the wording, grammar and sender of a suspicious email, our Cyber Security Engineer Adam, warns about clicking risky links –
“The biggest threat our clients face is phishing and social engineering: always check the sender’s address and any links included. Hovering over a link will show you where it’s taking you; if in any doubt don’t click it! The safer option is always to open a new browser and navigate to a specific website yourself without clicking any risky links.”
Where would your business be without it’s data? As the building blocks of any organisation, data is unquestionably integral, leading to our Senior Project Engineer, John, stating:
“Restoring and protecting your business data go hand in hand. I would recommend running onsite and offsite backup simultaneously to protect against all eventualities, in addition to having a disaster recovery plan in place to ensure the fasted revival time. When a crucial system goes down, knowing what to do, who will do it and where the backup data is stored means your business will be up and running again in the fastest possible time!”
With 89% of individuals shopping online, it’s important to be wary of fraudulent websites disguised as genuine retailers – particularly if they’re offering deals designed to tempt people in. As our SIEM Engineer, Cam states,
“If it seems too good to be true, it probably is…”
A trick to identify if a website is secure is to check the URL. If it says ‘HTTPS’ at the start of the address rather than ‘HTTP’ it means that it’s secured with an SSL certificate. This essentially means that the connection between browser and server is encrypted and the website’s identity is authenticated.
“When out and about enjoying your Christmas meals, never connect to public wifi! You never know who is listening and can steal your data!”
This top tip comes from Lex our Cyber Security engineer. As tempting as it is to connect to these public hotspots and share a picture of your mulled wine, you leave yourself at risk from man-in-the-middle attacks, unencrypted networks and malware distribution…
“Everyone knows that strong passwords are annoying to remember, however the dangers associated with being compromised far outweigh the pain it takes to remember! For example, an 8-character password takes roughly 5 hours to crack when it’s all in lowercase text. The key is to use a password which contains a minimum of 12 characters that include numbers, symbols, capital letters mixed with lower-case letters. To protect your employees that step further we also recommend MFA is enforced on all user accounts for that extra piece of mind!”
This tip comes from our Cyber Security Architect, Austen, which leads nicely on to…
Generating, storing, managing and remembering multiple passwords can seem daunting, which is why our Commercial Director Tom’s top tip is to ensure that your companywide password policy includes utilising a password manager:
“Use a password management tool to ensure that each password for each service is different – their memory is better than yours! I’d recommend a service like LastPass which generates a uniquely strong password that you don’t need to remember.”
In addition to having a strong password policy, you should ensure your users enable Multi-Factor Authentication on all devices containing company data. As our Senior Cloud Engineer Rob states;
“Sadly passwords get stolen, leaked or disclosed to people who shouldn’t have them, almost no matter what safeguards you might use. So having a strategy to stay ahead of anyone who would try to use your accounts is key to success. Enabling Multi-Factor Authentication (aka MFA/2FA) on EVERYTHING can improve your online security immeasurably.
MFA will challenge anyone who uses your password to provide a secondary authentication factor such as a code, phone call or push notification in a mobile app. Even when a malicious actor has your password, without your second factor they still can’t breach your account in most cases.”
This top tip comes from our Technical Director Alex, and no, he’s not talking about a Christmas Yule log…
“Ensure you employ someone to look at the alerts from anti-virus software and monitoring agents – it’s all well and good having managed devices, but without someone watching the logs you can’t react in time!”
With over 50% of all cyber security breaches occurring from human error, anti-virus software and artificial intelligence can only get you so far… In order to be truly prepared for a security breach, you should roll out user education and awareness training. As our Head of Cyber Security, Ryan, states;
‘Over 28,000 people fell victim to fraud during last year’s Christmas shopping period. To successfully fight against malicious actors this year, it is critical that businesses foster a cyber-security culture through education and security best practices. I’d recommend starting awareness training during employee onboarding and follow an official cyber security training plan.’
Managing and monitoring data throughout your infrastructure can be an expensive and time consuming task, which is why our Soc Analyst, Liam recommends that everyone should be asking for a SIEM tool for Christmas…
“SIEM tools allow security analysts to investigate security alerts in real-time, which reduces the average time to identify and respond to breaches. IBM say the average time to respond to a breach in 2020 was 207 days – which is why a SIEM tool should be at the top of everyone’s Christmas list this year!”
At Stripe OLT, we offer CREST certified Penetration Testing services, so of course our SOC Manager, Mark, couldn’t not highlight the importance of actively testing your network and systems…
“Work proactively, not reactively! Don’t wait until malicious actors find a network vulnerability to exploit and actively test your infrastructure and applications with a Penetration Test to uncover any weaknesses ahead of time.”
Finally, we hope you have a cyber-safe Christmas and a happy new year!