Written by Stu Sjouwerman
With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims.
Suppose you get an email from a major online retailer about their “Cyber Monday” deals. It looks legit, the deals are of interest, and there’s a “SHOP NOW” button. So, what do you do?
Or suppose you receive an email from a colleague with a link to an eGreeting card. Would you think twice about clicking on the link and viewing the card?
While users in IT and Security are less likely to click on these kinds of emails, users in general scrutinize them less. And the bad guys know it.
According to the FBI, cybercriminals are targeting holiday shoppers, looking for ways to take advantage of unsuspecting individuals. And with 65% of employees planning to do holiday shopping online from work, scammers see this time of year as a “target-rich environment,” ripe with opportunities to attack organizations: infecting them with malware or ransomware, stealing data, or using one organization as a source of intel to commit fraud against a second organization.
Educate Your Users
Organizations need to educate users on the need to be vigilant – especially at a time of year when employees are so distracted from their work responsibilities that they’re spending hours shopping online from work! A user educated with Security Awareness Training interacts with the web and email with an elevated sense of security; emails, chats, ads, and web content are all scrutinized because the user now understands how the enemy acts. This training creates a security culture that empowers the user to become a part of your security stance.
Because there are times, like the holidays, when users’ defenses are down, it’s imperative to educate users continually so that the security of the organization is always maintained – no matter what time of year.