We’re less than a week away from Thanksgiving and you know what that means. Black Friday and Cyber Monday. That’s right, one of the busiest shopping weekends of the year. As the weekend approaches, it’s normal to expect to see more emails and ads hoping to entice people into considering the deals being offered over Black Friday weekend. Who can resist a good deal? Not many. Unfortunately, attackers know that as well.
This means that people should expect to see an increase in spam and phishing attacks. Attackers will be emboldened to launch more aggressive attacks as it will be easier than normal to hide their emails among the others. New deals, credit card offers, holiday e-cards, or other generic emails that you often see around this time of year could very well be phishing attacks. Did you make a purchase and you’re expecting a tracking update? Be careful. That tracking update email you just opened could be fake as well.
During the holiday season, people often become laxer. If they have a few spare minutes between tasks or on lunch break, chances are they’re going to be doing some holiday shopping. While this may be OK to do, if they’re doing it while connected to the company network, things become a bit more serious. If they’re the unfortunate victim of a phishing attack, the entire company could now be infected with ransomware.
To help minimize this risk, without ruining the holiday festivities, there are a few things that a company, as well as individuals, can do to protect themselves.
Cybersecurity training is always the best deterrent when it comes to preventing attacks, especially phishing attacks. Train employees on what to look for when opening an email. Are they expecting this email? Is the email who is says it’s from? Even though the named displayed in the “From” address is someone you know, the email address could be completely wrong. If the email contains a link, give some serious consideration as to whether it should be clicked or not.
Two-factor authentication is highly beneficial for any company or individual to use. While strong password policies are a must, even the most secure passwords don’t always hold up. This is where two-factor-authentication comes into play. Two-factor authentication is when a second form of verification is used to allow access to website or other resource. For example, you enter your password into your banking website. Immediately afterwards, you are prompted to enter a code that your received via text message on your phone. As seen, you were asked for two forms of authentication. One was your password for your banking website and the other was a code send to your phone. This way, if your password is stolen, the attacker still needs access to your phone to gain access to you online bank.
Next Generation Firewall
Next generation firewalls have the capability to decrypt HTTPS traffic. HTTPS is used to encrypt internet data. This is what reputable institutions, such as banks, use to encrypt and protect your information while using their website. Unfortunately, attackers can use HTTPS as well to encrypt their attacks. Normal firewalls don’t have the ability to look inspect HTTPS traffic and see what’s inside. This means that even if a firewall rule is set to deny a certain type of traffic, the rule is ineffective since it can’t see what inside due to HTTPS being used the encrypt the traffic. Next generation firewalls, though, can inspect HTTPS traffic. When properly configured, next generation firewalls can decrypt the traffic, inspect what’s inside, and then re-encrypt it before sending it to a user. This is means that ransomware that’s hiding behind a layer of encryption is capable of being discovered before it’s too late.
In the end, no single solution can stop all attacks. Our article, 5 Ways to Stay Secure Online, provides additional information on combating cyber attacks. Addressing security in layers and protecting yourself on multiple different fronts is the best solution. Technology, though great, can’t stop all attacks by itself. It relies on well informed users to make wise decisions as well. Stay safe everyone and Happy Thanksgiving!