Christmas shopping at work? Here are some tips for protecting your users and your company.
Employees know they shouldn’t, but that hardly stops them from using their work device for personal shopping, especially in the run up to Christmas. Ironically, this is also the time when we see more sophisticated and elaborate phishing scams.
If you already have IT security in place, you’re ahead of the game
According to Richard Walters, VP of Identity and Access Management at Intermedia, “if you or your IT team are worried about the upcoming 6-8 weeks, it means you’re already failing at security. The risk shouldn’t be greater in the next 6-8 weeks than it normally is for businesses and their employees. As Larry Ellison recently admitted, ‘there should be no on and off switch for security’. If you’ve been diligent about reminding your staff about potentials risks, updating/patching your software and have adequate tools in place, then you’re in better shape than the vast majority of companies out there.”
A few ways you can increase security for the holidays
For companies looking to tighten up their security, Richard recommends the following:
- System admins should review what company applications can be logged into remotely and see which support two-factor authentication. If that hasn’t already been enabled, now is the time.
- Many of us will be traveling to visit loved ones and working remotely during the Christmas period. If you have a VPN, make sure two-factor authentication is also enabled for remote access.
- While you’re at it, remind them to always use the VPN when logging onto public WiFi hotspots at hotels, airports and cafes.
- When ordering from online stores employees haven’t shopped at before, sites will frequently ask them to create an account, so remind employees NOT to reuse any passwords that they use for applications at work. If you have a Single Sign-On solution that prevents employees from ever seeing the passwords for business applications, so much the better.
- Remind workers not to use work email accounts for shipping notifications. That way, any phishing emails appearing to come from UPS or DHL will still look out of place if received into their work Inbox.
- If you’re hiring temporary workers over Christmas, give them the least amount of access privileges needed for their role and set up auto-expiring accounts for the date their contract ends.
A lot of IT security comes down to user education — educating them about company policies, about the dangers of phishing, about best practices for staying safe, etc. This shouldn’t just be something you do around the holidays, though. Employee education should be a regular part of your IT strategy.