The Best Cyber Monday Gift: A Security Risk Assessment

December 1, 2015 at 11:14 AM

Cyber Monday is in the books for 2015, and it is expected to be another record year for online spending. Analysts expect that individuals spent around $2.4 billion online this past Cyber Monday, an 18% to 20% increase over last year. While there were some deals to be found online, there is certainly a level of risk that comes with online shopping. When you combine this inherent risk with the fact that 95% of individuals planned to do some online shopping from work, your company might be opening itself up to a cyber-attack without even knowing it.

US-CERT recently issued an alert stating that holiday phishing scams and malware attacks are on the rise this year, and we are just entering the busiest part of the holiday shopping season. Some of these attacks might look like the following:

  • Fake advertisements offering great deals on a product that you might be interested in
  • Fake shipping notifications with tracking links that install malware or ransomware on your computer
  • Spoofed email messages from a contact that you know with an e-card that contains malware or ransomware
  • Fraudulent posts on social networking sites like Facebook, Twitter, and Pinterest asking for support for seemingly worthy causes

While phishing attacks and malware attacks are nothing new (remember all the emails from the Nigerian princes that wanted to send you a check to cash?), they are getting more and more advanced and ultimately more difficult to recognize. As a business, one of the main recommendations is to continually "test" your employees through controlled social engineering exercises. All the news and the glory go to the hackers that sneak into a system and install malware on a company’s network (Target, anyone?); however, the human element remains the weakest link in a company’s security system. You can have all the latest and greatest technology in the world, but if your employees are not trained to identify and question these phishing campaigns, you are setting yourself up for a dangerous scenario. This is why you need to take a multi-faceted approach to the security of your business through a security risk assessment. This will allow you to explore your systems for any weaknesses through Vulnerability Scanning and Penetration Testing, and to explore your workforce for any areas of concern through Social Engineering Assessments, so that your employees don’t fall victim to an attack that ultimately exposes your company to the theft or loss of sensitive information.

Download the Compass IT Compliance Security Assessment Services brochure to learn more about the services that we offer to help businesses of all sizes protect themselves, covering both the technology aspect and the human element. Contact us with any questions that you have, and stay safe this holiday season!
