Cyber Monday is somewhat of a holiday for avid shoppers, only paling in comparison to Black Friday just a few days before.
However, with such fun and consumer power, there are plenty of pitfalls that could ruin one's holiday season. Thus, both Staples and McAfee have published sets of tips for both employees and IT departments to help prepare for this major day in just over a week.
McAfee cites that its motivation is that almost 60 percent of the more than $887 million in Cyber Monday purchases were made from the workplace two years ago. But at the same time when employees will be shopping online, they will "more than ever, putting their organization at risk for malware, spam, phishing scams," and more.
Thus, here are the common sense tips from McAfee -- most of which you should really have in place for any day of the year.
- Have anti-virus software installed on your system and update frequently to ensure your software has the latest fixes for new viruses, worms and Trojan horses.
- Consider monitoring user activity or locking down internet access on that day to cut down on the probability of malicious activity within your organization.
- Organizations should conduct penetration testing in order to identify vulnerabilities that exist in a system or network.
- Ensure your organization has a disaster recovery plan or Computer Security Incident Response Team in place. This team is responsible for receiving, reviewing and responding to computer security incident reports and activity.
- Make sure employees are trained properly to identify threats including revisiting common social engineering techniques for internal employees to ensure they are protected against scams.
And here's Staples chiming in for both IT admins and company employees overall:
- BYOD (bring your own device) is when employees use their personal technology for work related tasks. This is a continuing trend with the number of portable computers and mobile devices in the workplace increasing every year. As such, employees are using their personal devices to shop while at the office, and you need to create realistic security policies that don’t compromise intellectual property while letting employees stay mobile. For example, consider segmenting network traffic for personal devices (allow access to “guest” network) separate from corporate network resources.
- Typically vigilant employees may let their guard down. You should provide them with examples of specific security threats to be wary of – such as fake e-cards and scams like a free gift with purchase such as a tablet. Many of these "offers" will come in via email or social media and could contain a virus. Understanding what to watch out for can go a long way.
- It’s essential that employees have a basic understanding of corporate security policies. Remind them about rules such as not sending personal information (name, credit card, etc,) while using company resources.
- Make sure all websites are using SSL encryption when entering personal information. That means looking for a padlock or a key symbol, typically in the lower right of the page. Secure sites also include “https” in the address bar to signify the transaction is protected. In addition, remember that it’s best to buy high-ticket items from eTailers you know or those that also have a brick and mortar location.
- Don’t allow your browser to save your username and password when shopping online. It’s less convenient but safer in case the site’s datastore gets breached. Also avoid providing a work email address as contact information.
- Treat social networking sites with the same caution as other websites. Social sites are a growing target for fraudsters and virus writers.
- Use your credit card – if your debt card gets stolen, it might be more complicated to sort things out, especially if the fraud causes overdrafts and bounced checks.
IT department admins and developers, do you have any tips of your own to share for handling work on Cyber Monday?
- McAfee proposes five tips to avoiding bad apps
- McAfee's updated cloud security platform focuses on preventing data loss
- Former home secretary: 'France tapped UK government emails'
- Android could be a malware time bomb (report)
- Stuxnet 2.0? Researchers find new 'cyber-surveillance' malware threat