Technical Support: 412-349-6678 | Incident Response
| Remote Support | Client Portal

Tips to Prepare Your Team With Holiday Security

Shopping bags for holidays - holiday security
Posted on November 19, 2019

Cybersecurity month is over, but here comes the holiday season! 

Dark Reading is already promoting 8 holiday security tips for you to consider. Is the company mimicking the Grinch? Hardly. 

With online sales expected to jump from 14% in 2018 to 18% in 2019, we should expect hackers’ efforts to follow.

Here’s a quick breakdown of those holiday security tips:

 

Tip 1 – Secure your cloud

Tip 2 – Segment the Network

Tip 3 – Protect against digital skimmers

Tip 4 – Harden mobile apps

Tip 5 – Protect the company’s In-Store Wi-Fi

Tip 6 – Prepare staff properly

Tip 7 – Be on the lookout for Seasonal Scams

Tip 8 – Partner with industry groups

 

These tips provide a useful framework to discuss many common vulnerabilities.

 

Common Sources of Holiday Security Breaches

 

Now, you may not use the cloud. But, if you do, your settings must be double-checked. Also, ensure that your passwords are strong.

In September, DarkReading detailed the Lion Air data breach, which exposed data on millions of passengers. That happened because of an Amazon Web Services (AWS) S3 storage bucket misconfiguration, which exposed records to the public. 

Ford, Netflix and TD Bank suffered similar breaches. 

The processes to configure and secure the S3 buckets are not terribly difficult. And, Amazon has changed default settings to improve privacy and security. However, there is the possibility to create conflicting settings to expose data. 

Related: Which Data Storage Solution Works Best for You?

Another common source of breaches arises when you employ third-party contractors, or while changing settings during development. During this process, settings are changed to aid access to the data and then people forget to restore the security settings before deployment.

If you’re unsure of whether or not your S3 (or Azure, etc.) storage buckets or webservers are configured correctly, we can help you verify and remediate those public cloud configurations.

 

Retail Stores, Websites & Apps

 

When it comes to websites, payment processes are primary targets for attackers. 

Digital skimmers, created by cyber criminals such as MageCart, use JavaScript code to insert malware into vulnerable websites. Those criminals design skimmers to steal credit card data. 

While a MageCart attack focuses on unsecured S3 buckets containing website code, it’s recommended that you reduce JavaScript code as much as possible.

Of course, stores are no longer limited to websites. 

People use their phones more than ever, and the rise of mobile usage allows hackers to enter the mobile environment. If your company uses mobile applications, you should regularly download, run and examine them to ensure that hackers haven’t injected them with malware.

Also, check to see if someone launched an app in your company’s name.

For example, Nordstrom may be very careful about launching its brand with its brand name. But, it should also check to make sure that no one launched an unauthorized Nordy Club store. 

Many stores use public Wi-Fi as a convenience to customers, but that also provides an open door to your network.

You’ll need to monitor that network consistently to limit Wi-Fi abuse. Also, make sure it’s isolated from the rest of the network. 

 

Related: Are You Monitoring Your DNS?

 

Segmenting Networks & Seasonal Attacks

 

Network segmentation limits the penetration of a successful attack, and it segregate key systems.

Your point-of-sale (POS) terminals should not be on the same network as the video camera and security system. The 2014 Target breach, caused by its HVAC vendor, would have been much more difficult for the cyber criminals had the stores micro-segmented their HVAC systems to be fully isolated from other network segments.

Preparing your personnel for seasonal scams generally falls into the same category.

Train your team to check for inconsistencies between cardholder names and the people presenting cards. Also, have them look for discrepancies on the cards themselves. And, double-check that people who want to make changes to your infrastructure are truly authorized. 

Some fake cards use software in their chipset designed to take down a POS system. Those malicious cards impersonate the legitimate POS company to ‘replace’ or ‘upgrade’ POS terminals. That scam provides attackers with full access to card transactions, which means you’ll need to be extra diligent in training your cashiers this holiday season.

Recent: Know Your Network – Why Details Matter in IT

 

Hacking Bots

 

When it comes to hacking, some CISOs try to deny access to bots by using geographic filtering, which blocks specific country IP codes, such as Russia, China, and Iran.

You’d do this to limit web access to only countries with which you do business. However, attackers already have begun to anticipate such measures. 

Cyber criminals use malicious bots (automated code performing tasks on the internet) to take over user accounts, attack APIs, perform DDoS attacks, and to scrape content from websites.

Researchers found that attackers now deploy bots so that 56.4% of bots appear to come from the United States.

To counter bots, first deploy challenge-response authentication (such as CAPTCHAs). That simple solution counters first-generation bots, and provides an initial defense against low-level hacks.

Next, tighten authentication mechanisms on APIs, and monitor failed login attempts or sudden spikes in traffic.

With nearly 37% of bots now exhibiting nearly human behavior, in-house developed bot detection may not be sufficient to prevent their interaction with your website.

So, check often to see if bots made it through the basic defenses. Monitoring that activity lessens the attack surface for bots, and provides red flags for your team to investigate.

 

The Human Element of Holiday Security

 

You need to worry about human attacks, too. 

An abundance of stolen credentials has many attackers turning to cheap overseas labor in countries, such as China and Venezuela, to manually enter credentials to commit fraud. 

Human attacks increased by 33% between the second quarter of 2019 and the third quarter of 2019. Overall, fraud increased by 30%. These attacks use legitimate credentials, and they’re extremely difficult to detect. 

Again, geographic filtering stops some attacks, but many cyber criminals account for that technique. 

 

The Right Support

 

Talk with your peers about holiday security.

Opening up those dialogues helps with solutions, and may also provide you with insight on any new types of attacks. Partner with industry groups to share information, and learn from the painful experiences of other companies. Don’t let your team fall victim to holiday security breaches. 

Are you confident in your network and cyber security? If not, we can help. Our team will help your monitor your network, and aid in the prevention of cybersecurity attacks with Blue Bastion.

We know that no two businesses are alike, so we will tailor everything to your specific security needs and budget. It’s called “maximizing your return on IT.”

For a risk-free demonstration, contact us today by completing the form below, or by calling us at 412-349-6680.

If you’ve been actively breached, and you need immediate support, call our incident response team at 412-349-6678.

Building networks and partnerships, we are on your side. Let us help you this holiday season!

Request Your Risk-Free Consultation Today!

  • This field is for validation purposes and should be left unchanged.