Best practices for staying cyber secure during the holidays

In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season.

Pause large changes in your security stack: IT and security changes that may not have been fully tested can create vulnerabilities. So, while it might be tempting to rush things out the door to achieve a clean slate going into the New Year, doing so can create significant security risks. If it won’t hurt the business, consider delaying any IT and security changes until the New Year, when staff is back, recharged after their break, and ready to give their full attention to testing.

Ensure contractors are up to speed on cybersecurity policies and procedures: Many companies hire contractors to fill staffing shortages around the holiday season. While this is great from a business standpoint, it can be troublesome from a security perspective, as temporary or contract workers might not be as knowledgeable or vigilant about cybersecurity policies and practices.

Additionally, they likely have not undergone the same cybersecurity training as full-time employees. To reduce risks associated with contract workers, ensure they have been briefed on the company’s security policies and give them short training on vulnerability management. Spending little time on cybersecurity education and awareness can go a long way in preventing mistakes while working on the network for a few weeks.

Subscribe to a threat intelligence offering: Security is a collaborative effort, and your company does not have to go it alone. Threat intelligence offerings are available to help you understand current threats, so you can identify which present the most risk to your company and better prepare your organization to respond faster in the event of an attack.

Carefully watch traffic coming into the security operations center (SOC): Remain vigilant when monitoring traffic coming into the SOC. If anything seems abnormal, make sure to investigate it immediately, as unusual activity could mean a bad actor is trying to penetrate your network. Monitoring traffic is an important practice year-round, but it’s especially critical during this time of year when companies typically experience increased traffic volumes.

Communicate safe IoT stewardship while employees are home: Many will receive connected devices as gifts this holiday season, which can introduce security risks. With a large remote/hybrid workforce still dominant across enterprises, people could reach for their corporate laptop first to plug in that new smartwatch. Communicating to employees to safely store their work laptops away can prevent insecure devices from compromising corporate networks.