During the holidays, many office-based businesses are closed up for a number of consecutive days. This downtime might be leveraged by cybercriminals to launch attacks against companies, taking advantage of the fact that networks will be unsupervised.To help organizations that plan to close up for Christmas and New Year, security experts from GFI Software have put together some key tips for IT staff in order to minimize the risk of hacking, DDOS attacks, unauthorized access, and malware infections.
“The Christmas holiday season traditionally poses a big challenge for organisations of all sizes, as the need to monitor and maintain IT systems has to be balanced against the need for staff to take time off,” explained Phil Bousfield, general manager for Infrastructure at GFI Software.
“However, IT staff face additional challenges, as not only do they need to consider the reoccurring threat of networks and systems being targeted during the quiet holiday period, but also the risk posed by employee devices being used for remote access.”
The threat is even bigger this year because a large number of iOS, Android and Windows-based mobile devices have been purchased and their owners will probably connect them to the corporate network for the first time.
Experts recommend the removal of user accounts that are no longer utilized since dormant (ghost) accounts pose one of the biggest risks of unauthorized access.
Furthermore, IT staff should shut down ports that are not needed. Only critical network ports must remain open to secure the infrastructure against malware, spyware and other malicious code that might use them for communications.
Another important piece of advice is to ensure that all operating system and key applications are properly patched up. The use of a dedicated patch management solution that can automate the process is highly recommended.
Besides updating applications and operating systems, organizations should ensure that their antivirus solutions are up-to-date.
Another sound advice is “If you don’t need it – switch it off.” All devices that are not used during the break should be shut down.
Finally, as employees prepare to connect to the company network from their new devices, businesses must develop or refresh their IT policy, especially the one regarding the Bring Your Own Device (BYOD) trend.