Protect corporate sites before the holidays, experts warn

Security experts are advising companies to secure corporate networks ahead of the holiday season, when employees may be more susceptible to phishing scams and online fraud. A new report published Nov. 2, 2017, by Adobe Systems Inc., predicts a 13.8 percent increase in online shopping this holiday season, with 80 percent of ecommerce occurring at major retail sites. The study, Holiday Ecommerce To Hit Record $107B in 2017; Mobile Will Lead in Visits, is based on metadata from Adobe Analytics.

Mickey Mericle, Vice President, Marketing and Insights at Adobe, expects to see deep discounts, as retailers compete for market share. "We predict the biggest retailers with wide selections, easy shopping experiences and free shipping, to drive online holiday growth this year," she stated.

Christian Lees, Chief Information Security Officer at InfoArmor Inc., said employees will be more susceptible to phishing and malware attacks during the holidays, as criminals try to steal their credentials to gain access to corporate networks. "Considering the tremendous amount of time individuals spend at work, naturally some of our personal behavior weaves its way into our corporate environment," he stated. "For example, mailing lists and 3rd party site enrollment tends to peak during holiday season, often due to retailer campaigns, targeting marketing and consumer behavior."

Protect networks, corporate credentials

Individuals who use their corporate credentials and work email accounts to shop online are exposing their companies to outsider threats, added Byron Rashed, Vice President, Global Marketing at Advanced Threat Intelligence at InfoArmor. Most credential breaches occur at third-party sites, where consumers use corporate emails and passwords to create accounts. By using a corporate password, these employees unwittingly give threat actors the "keys to the kingdom," he noted.

Noting that threat actors can be cunning, Rashed recommended implementing the following precautions to protect employees and networks from outside threats and data breaches:

• Do not use corporate credentials at third-party sites, except for work-related projects.

• When required to use corporate credentials on third-party sites, create a unique password, and do not use your corporate password.

• Use complex phrases and symbols to combat tools threat actors use to guess passwords.

• Avoid common phrases or words that a threat actor may guess, such as a spouse's or child's name. Much of this information is easily available on social media sites.

• If your credentials and password are compromised from third-party site, inform your IT department immediately and reset your corporate password ‒ even if you didn't use it.
• Never use corporate credentials (username or password) for anything other than work, especially during the holiday season.

Rashed emphasized the need to protect mobile, tablet and laptops passwords, especially those that can be easily accessed on a connected device. "An obvious potential danger is in the latest version of iOS where "keychain" can be easily accessed through settings," he stated. "The user names and passwords are available in this feature. If the device is lost or stolen and no passcode protection is on the device, all the user's accounts within keychain are at risk."

Editorial Note:

Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.