11 Security Tips for Black Friday, Cyber Monday
If your business is physical security, Friday is more than likely going to be a rough day. Shoppers will storm your stores the day after Thanksgiving in what has become known as Black Friday and spend, spend, spend. That's what the retailer wants, of course. But for the security pro, it means a much bigger risk of shoplifting on the part of customers and employees alike.
See also: Retail Shrink, Theft Up in 2009 and Recession Woes: What People Steal
For IT security practitioners, the day to watch is so-called Cyber Monday, when the masses turn on their office computers and, instead of working, storm the online marketplace for holiday gifts. Here, the worry is that hackers are lying in wait, ready to break into retail networks and steal customer credit card numbers. (See Survey: Despite Risks, Employees Still Holiday Shop at Work.)
To help ensure a more effective defense, CSOonline reached out to physical and IT security experts and gathered up the following 11 tips.
Tips 1-5 courtesy of David Bonvillain, vice president of Accuvant Labs
Tip 1: Make sure the security software is on.Ensure all systems that access the Internet are protected with anti-malware technology, specifically making sure browser security enhancements are configured and enabled in AV software, Bonvillain says. Much has been said about the sorry state of AV this year - for one example, read Experts Only: Time to Ditch the Antivirus?. But the chances of avoiding a security breach will still increase if the anti-malware is turned on.
Tip 2: Save users from themselves (otherwise known as awareness training)Forget that employees are shopping on company time, probably a career-limiting activity in some places. The bigger problem is that they're doing it on company machines online thieves are just itching to hijack. Since employees are going to do this anyway, Bonvillain says they should at least be educated on how to do it safely: "Awareness of common techniques and an understanding of how to identify malicious content can go a long way toward proactive prevention. Keep in mind that these types of attacks are also pervasive over IM and social networking technologies and are not simply limited to traditional Web browsing."
Tip 3: Monitor the networksThis may seem painfully obvious, but since warning signs tend to be missed and the breaches keep piling up, Bonvillain says this one's worth repeating: "Comprehensive monitoring of both the network and the client will help you trend threats, identify weakness in your existing enterprise, and if necessary give you the tools to identify and contain a breach if one occurs."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Software
Powered by TwitterOn Twitter now
Software
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
