Are you Fireproof for the Holidays?
The holidays can be a good time for attackers to surface as IT & Security activities are often reduced due to holiday staffing and freeze periods – mid-December to mid-January. Not only this, but users may pay less attention to attacks in the months leading up to the Holidays amidst the large influx of emails we are all receiving featuring countless Holiday promotions.
While organizations may not often see the time just before the Holidays as the right time to start new security projects, approaching risks from a different angle may reduce your exposure during this high-risk time.
Employees can be a major security risk for the company with the increase in phishing or vishing attacks.
Our recommendation for the season is to work on the following aspects of your organization’s security strategy:
1. User Awareness
- Send a memo to all users (employees, contractors, and partners) to remind them of your security basic principles:
- How to manage passwords (What is a good password; Never share a password; How to store passwords correctly; When to change password; Password policy)
- Lock computer or mobile device when not in use
- Pay attention to phishing or vishing attacks
- How to safely exchange and share documents
- Not to store documents on unprotected devices (unencrypted USB key or public computer)
- Immediately report any theft or loss
- Immediately report any suspicious activity
2. IT & Security Teams’ Organization
Ensure IT & Security teams know where to find the latest version of the incident management process and have the following information at hand:
- List of emergency contacts
- List of out of office employees during the holiday period
- On-call list
Verify that important alerts are monitored, received by the correct team, and escalated according to internal processes.
3. Attack Simulation
December is probably not a good period for a pen-test, but this may be a good time for a phishing test or a brute force password attack. If you are an Office 365 E5 customer, these solutions are already available to you in Office 365 Security & Compliance. If you are not sure how to use these tools, Avaleris would be happy to help (contact us here).
4. Security Plan for 2020
Review previous security reports, update the risk likelihood and impact, and plan your security improvement projects for 2020.
If you are an Office 365 customer, reviewing the Office 365 Secure Score could help you to build your plan.
If you do not already have, Conditional Access (CA), Multi Factor Authentication (MFA) or Single Sign-On (SSO) solutions in place, this must be on your list of priorities for the New Year.
With our team of highly qualified consultants, Avaleris is available to help you identify or realize your security priorities and projects.
Avaleris is your go-to security partner, and is focused on Microsoft 365 for everything Identity, Cybersecurity and Mobility.
Looking for more information on how to increase your security posture?
Contact us and let us help you ensure your organization is secure over the Holidays.
Practice Lead, Cybersecurity & Information Protection
Avaleris focuses exclusively on hybrid identity, enterprise mobility, and cloud security, enabling businesses to improve their agility and security while enabling employee productivity and collaboration.
Reach out to us to discuss your project objectives.
1-844-996-9695 • firstname.lastname@example.org • www.avaleris.com