In a recent video by Help Net Security, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, shared valuable insights on the best practices for maintaining cybersecurity during the hectic holiday season. As the holiday rush brings about an increased risk of cyber threats, businesses need to be extra vigilant to safeguard their systems and data.
One key recommendation provided by Tufts is to pause large changes in your security stack. Rushing out untested IT and security changes in an attempt to start fresh in the New Year can open up vulnerabilities that hackers can exploit. Instead, businesses are advised to consider delaying major updates until staff are back from the holidays and are able to fully focus on testing and implementing these changes.
Another important point emphasized by Tufts is the need to ensure that contractors are well-versed in cybersecurity policies and procedures. With many companies hiring temporary or contract workers to cover staffing gaps during the holiday season, there is a potential security risk if these individuals are not adequately trained in cybersecurity practices. Providing regular briefings on security policies and offering training on vulnerability management can help mitigate these risks and prevent costly mistakes.
Tufts also highlights the value of subscribing to a threat intelligence offering. By leveraging external threat intelligence services, businesses can stay informed about emerging threats and better prepare themselves to respond quickly in the event of an attack. Cybersecurity is a collective effort, and companies can benefit from the insights and expertise provided by threat intelligence offerings.
Furthermore, maintaining a watchful eye on traffic entering the security operations center (SOC) is crucial during the holiday season. Any abnormal activity should be promptly investigated, as it could indicate an attempted breach by malicious actors. With the increase in traffic volumes typically experienced by companies during this time of year, continuous monitoring of network activity is essential to detect and respond to potential threats.
Lastly, businesses are encouraged to communicate the importance of safe IoT stewardship to employees, particularly as many may receive connected devices as gifts. With a significant portion of the workforce still operating remotely or in a hybrid setting, the introduction of new IoT devices can pose security risks if not handled properly. By educating employees on the safe use and storage of corporate devices, businesses can prevent insecure devices from compromising their networks.
In conclusion, the holiday season brings unique challenges to cybersecurity, and it is essential for businesses to implement proactive measures to protect their systems and data. By following best practices such as pausing major changes, educating contractors, leveraging threat intelligence, monitoring network traffic, and promoting safe IoT stewardship, businesses can enhance their cybersecurity posture and minimize the risk of cyber threats during this busy time of year.