From The Editor | November 25, 2009

Tis the Season … For Cyber Crime

Webinar: Cloud 101

By Gennifer Biggs, security, storage, and managed services editor

While the rest of us are recovering from too much Thanksgiving turkey and stuffing, and the stress of Black Friday shopping, cyber criminals will spend this weekend preparing for Cyber Monday, that online shopping frenzy that marks the start of the online holiday shopping season.

Why does this matter to you? Because many of your customers' networks are not secure from attacks linked to online shopping, something many employees do over lunch and after hours. And that equals an opportunity to talk … security and usage policy.

According to research from the National Retail Federation, nearly 56% of workers with Internet access will shop online on Cyber Monday. The problem is that many employees will not think twice about how their online shopping might pose a risk to the company network. Security vendor GFI Software's recent survey of SMBs showed the businesses themselves are only slightly concerned (9%) with internal security threats (such as those caused by online shopping) and don't often monitor employees' online activities (36%).

"The fact that so many plan to do holiday shopping from their work computers, combined with their lack of concern for how secure their computers are, points to an urgent need for employers to pay closer attention to what employees are doing online during office hours and to educate employees to be careful what sites they are visiting and what files they are downloading," says David Kelleher of GFI.

That reality marks a great opportunity for VARs and MSPs that handle security for SMB customers. Take some time this holiday season to educate your customers about the threat and IT solutions that can help secure your network. Ask them about 24/7 monitoring of their network, and offer advice on setting usage policies that not only help lower the security threat but improve productivity.

As a bonus, let them know about the five most frequent scams identified by security vendor AppRiver:

  • Fake Holiday eCards: Don't recognize the sender? Delete it. If the email is not addressed to you specifically, delete it. If you're instructed to download an "executable program," delete it.
  • Fake Holiday Products: If you don't recognize a company, don't order anything from them until you're sure they really exist.
  • PayPal/eBay: Avoid following links that are provided for you in any email, especially if you are unsure of the sender. A frequent trick from spammers during the holidays is a link to a fake eBay or PayPal login page. Rather than follow links in emails, type it directly into your browser.
  • Bank Phishing: Banks will never ask for your personal information, or provide your personal information, in an email. Also, keep an eye out for poor spelling and grammar. If you are not specifically addressed in the email, delete it.
  • Letters from Santa: Although a nice idea for the kids, do your research. There are many fake companies out there. Check in with the Better Business Bureau to confirm existing companies.