Another holiday season is upon us, and it brings many cyber-related attacks and compromise opportunities through approaches such as phishing schemes, mobile threats, and social engineering attacks. According to Forbes and Adobe, consumers spent approximately $3.3 billion online between Black Friday and Cyber Monday last year, and a 47% increase is projected this year. Cyber-criminals are aware of data points such as these and see them as rich opportunities to gain access to personal, financial or confidential data.
While we can never fully eliminate all threats, there are awareness tips and simple best practices we can follow to exercise caution and reduce risk exposure. Below are some simple things to help reduce the risk of both personal and professional compromise.
1. Before You Click: Stop, Think and Check. Is It Expected? Valid? Trusted?
Phishing e-mails and their more targeted incarnation, spear-phishing e-mails, are likely to make their way into your inbox at some point. Many of them are disguised as offers from trusted brands and large retailers, and some will be sent from a known client or contact's compromised e-mail address. It is estimated that 30% of people will click on malicious links or attachments during this season.
You should always be cautious when receiving any message with a hyperlink or attachment:
- Do not forward e-mails without confirming they come from a trusted source.
- Ask yourself: was this expected?
- Do I know the person who is sending it?
- Validate the source. If you are unsure, ask the person whether they actually sent you something before clicking on anything that might be malware, ransomware, a remote access tool or something else that could steal or access your data.
2. Avoid or Delete Pop-Ups and Other Digital Ads
Many pop-ups and digital ads contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. In addition, "malvertising" -- using ads to inject and spread malware -- is one of the fastest-growing attack vectors.
3. Minimize Mobile Threats
Mobile shopping brings its own pool of threats, and many in DAT's user communities use a single smartphone for both work and personal purposes. Many people use public WiFi on their mobile devices, opening themselves up to man-in-the-middle attacks, in which a third party intercepts someone’s internet traffic, such as credit card information.
- If possible, use a more protected computer (desktop/laptop) for online shopping rather than a mobile device
- Avoid public WiFi. Use a VPN solution if you are going to use public WiFi, whether on mobile or desktop
- Confirm any app you download is from the official application store
- Take notice of any permissions or access (location, contacts, etc.) requested during the download process
4. Increase Security Settings and Capabilities on All Your Devices
Review access and security settings for all computers, tablets and mobile devices, including your OS, browser, and other apps. Many companies, as part of their standard configurations, deploy anti-virus and malware protection along with other security controls. However, whether you use personal or company-issued devices, as a best practice you should confirm that the latest updates are installed, that anti-virus and malware protection are active, and that a pop-up and adware blocker and some perimeter protection, such as a firewall, are enabled for enhanced protection.