Deals and steals: preventing hackers this holiday season

As online spending and sales begin to pop up across the country this holiday season, so too will cybersecurity threats. Businesses and individuals alike should err on the side of caution while season’s greetings are in the air and online shopping traffic is high.

The first line of defense against cybersecurity threats is knowledge. When paired with a right-sized security program, an understanding of how hackers may attempt to access your information can go a long way toward keeping your data protected.

Malicious emails remain a significant cybersecurity threat. Ranging from traditional phishing scams designed to get consumers to click on links, to more robust scams requesting money transfers to fraudulent accounts, hackers will often try to mimic online retailer accounts, so it is crucial individuals are diligent. They may even try to slide under the radar through purchase verification and shipping emails, so be sure to double-check that each purchase and tracking number is legitimate before clicking any link. Wherever there is a website link, there is an opportunity to be compromised. Fortunately, many email attacks are low in sophistication and easy to identify as malicious.

However, there is no such thing as a hack-proof system. The system’s ability to detect malicious attempts should catch most fraudulent efforts, but some will slip through the cracks, making employee training an essential element of cybersecurity. Companies should train users on how to identify phishing emails and how to respond if they do fall victim.

If an employee clicks a link, enters credentials or falls for a scam, there should be a pre-identified chain of command to address the issue. This representative would be available to contact, respond and deescalate the threat. An appropriate chain of command would include management, IT or the security team.

Due to the enormous remote workforce, individual lapses in judgment can equate to business vulnerabilities. To protect users, businesses must have the proper controls in place to react to and detect cybersecurity issues. Having email security will allow for monitoring, auditing and reporting if suspicious activity does occur. On top of fine-tuning email architecture, third-party email solutions can provide multiple layers of security and increase total protection.

The necessary layers of protection are made up of email security solutions, multifactor authentication for users and admins, good password management and user diligence. Keep longstanding best practices in mind when establishing employee credentials, such as resetting passwords when redistributing hardware, checking for unauthorized log-in attempts and not reusing credentials from one employee to the next. By implementing these checks and balances, companies will be able to mitigate external hackers.

Online security can be a challenge for many, but the right checks and balances will help companies stay in line. It is crucial to right-size the security program for your business. Consulting and cybersecurity experts can help businesses determine how many and which levels of security are needed.

Protecting accounts — both personal and business — starts with taking the right cybersecurity steps. Focus on the basics by training users to mitigate and detect threats. It is always better to err on the side of caution and assume an email is guilty until proven innocent. Multifactor authentication adds an extra layer of security and peace of mind year-round.

This holiday season, as an abundance of Cyber Monday deals and stocking stuffer emails come through, revisit the cybersecurity structure your company has in place to keep the holiday season full of cheer.