IT Security Tips for Christmas

16 December 2014 by Rolando Fuentes, ProCheckUp

What companies should look into before and during the Christmas break 

Just like in the real world, the Christmas break seems like the perfect time for the cyber-baddies to break into systems without authorisation in search of sensitive data to trade on the darknets for other things they may be interested in. Without wishing to sound too alarming, companies should not treat Christmas purely as a relaxing time, but rather as a time in which attackers could target organisations more easily than during active periods, as they know there will not be as many people around.

ProCheckUp recommends considering and implementing the following guidelines, so that you can enjoy a truly relaxing time amongst family and friends with some peace of mind:

On-line:

  • Do not open unsolicited e-mails (even if they come from Santa himself!), as they are the easiest way for unethical hackers to break into your systems and spread their malware.

  • Make sure you are protected against unwanted surprises by not downloading unknown files from the Internet.

  • Equally, do not install any program or app if you don't know what the source is.

  • Ensure that WAF malware detection mechanisms for your on-line presence are updated to the latest release and thus able to identify potential new threats.

Before you leave:

  • Inspect the company's premises to ensure that no rogue Wi-Fi access point or any other entry device has been installed and disguised by an attacker or malicious user (remember the Pwnie Express?).

  • Shut down workstations, and do not leave them on unless it is strictly necessary. If they need to be booted up during the Christmas break, make sure the system is running as a standard, unprivileged user and not as a power user or as a privileged user such as the administrator.

  • Make sure that servers and workstations are locked down after a certain period of inactivity.

  • Use a screen saver that is protected by a complex password and is activated after idle periods.

  • Disable the company's VPN gateways for the duration of the Christmas break if they will not be used by remote workers (working during Christmas... ouch!).

  • Make sure that the anti-virus and general malware protection is updated to the latest signatures available and perform a full file system analysis.

  • Ensure that your filtering policies and firewalls are protecting the network(s) efficiently.

  • Schedule system maintenance tasks, including the above, to be performed regularly whilst you are away.

  • Ensure the operating systems are updated to the latest patch level.

  • Change your password to a temporary, complex one.

  • If you have a Wi-Fi infrastructure in place, disable it for the duration of the break, especially if it is bridged to your main corporate network. If you also have a wireless network for guests, in which security might not be as strong as your main company's network, disable it too.

  • Consider disabling any network service that will not be used during the break.

  • Warn the physical security guards of your building of any potential "friendly visitors" asking for permission to perform maintenance tasks during the Christmas break in order to avoid social engineering attacks.

Finally, and most importantly, enjoy Christmas!
