Is Your Information Security Ready for Black Friday?
Each year, businesses across America offer special deals for “Black Friday” and “Cyber Monday” to encourage consumers to make purchases (or, to keep competitors from snagging their market share with similar deals). Many consumers take advantage of this shopping holiday to make purchases for their gift-giving holiday of choice while others buy gifts for themselves.
However, there’s another group that has a keen interest in the Black Friday shopping holiday—cybercriminals. Like with the FIFA World Cup and other major events, there are always opportunistic cybercriminals who seek to take advantage of others to:
- Steal their account credentials and financial info;
- Cause damage to businesses for various personal, political, or financial motives; and
- Leverage the extra traffic to mask intrusion attempts and breach a business’ information security without being detected.
Just because the average consumer is on a shopping holiday doesn’t stop cyber threats from targeting businesses. In fact, the danger posed by various threats only becomes more severe during these kinds of events.
Imagine, for example, what would happen if a store’s payment card processing system were to stop working because of a distributed denial of service (DDOS) attack? How much business would that retailer lose if their systems were down for the entirety of Black Friday/Cyber Monday?
What if something like that were to happen to your business? Would your business have the appropriate IT security measures and response plans in place to deal with information security threats quickly and reliably?
This is a serious concern—one I hope that you, and everyone else who reads this, won’t have to actually answer in a real-life situation. However, just in case you do face an attack this Black Friday, or at any other point in the upcoming holiday season, here’s a quick checklist to help you get ready:
Do You Have a Threat Intelligence Framework in Place?
- Yes
- No
- What’s a threat intelligence framework?
In today’s cyber threat environment, it’s not enough to simply react to an information security breach—you have to proactively work to monitor upcoming threats as they emerge. Threat intelligence feeds help businesses and cybersecurity professionals keep up with emerging cyber threats so they can anticipate attacks and prepare more efficient responses—possibly even create security measures that keep the threat from causing damage in the first place.
Do You Have an Incident Response Plan (IRP) in Place?
- Yes
- No
- How do I set up an incident response plan?
In the field of business information security, there is one absolute: No matter how good your defenses are, sooner or later, your security will be breached. The goal of cybersecurity professionals is to mitigate the risk of this happening as much as reasonably possible while also working to minimize the potential impacts of a breach.
Having an incident response plan in place is crucial for recovering from a cybersecurity breach as quickly as possible to minimize the potential impacts of said breach by:
- Identifying the breach;
- Stopping the attack;
- Investigating the attack method;
- Notifying the affected parties;
- Restoring affected network assets; and
- Preparing for the next attack.
Are Your Employees Keeping Up to Date with Information Security Best Practices?
- Yes
- No
- How do I improve awareness of information security best practices?
The people who are on your payroll are simultaneously your greatest resource and your biggest liability for cybersecurity. If your employees are unaware of cybersecurity best practices for safe shopping and internet usage during the holiday shopping season, they may fall victim to a number of different scams—and inadvertently expose your company to IT security risks in the process.
Do Your Information Security Measures Include Disaster Recovery?
- Yes
- No
- How can I make an effective disaster recovery plan?
The last thing any business needs to occur during a busy shopping season is a sudden catastrophic failure of some critical network component and lose the ability to do business for a day or two. Yet, businesses that fail to create and implement disaster recovery solutions run this very risk.
Effective disaster recovery plans might not enhance information security much, but they do help to minimize the impacts of many cyber threats by eliminating single points of failure that might be vulnerable to attack.
Does All of Your Business’ Software Have the Latest Security Patches?
- Yes
- No
- How can I tell?
Unpatched security vulnerabilities often prove to be an easy way for cybercriminals to breach your business information security. It’s easy for businesses—and even individual users—to neglect the “update available” notifications they get from software developers. After all, they don’t want to interrupt their work day to apply some patch.
However, sticking to a regular software patching schedule—and having your IT security team regularly check to make sure that all such patches are evenly applied to all of your network security endpoints—is a must for avoiding an embarrassing data breach.
So, how did you do on this brief self-assessment?
If you found that your answers to the majority of these information security questions was “yes,” then congratulations! It sounds like you have a decent business information security setup in place.
However, if you found that you answered “no” or found yourself with questions about what each of the above questions meant or how to put these security measures in place, it would probably be best for you to reach out and contact us as soon as possible.