5 Ways To Thwart Ransomware Attacks As Workers Log Off For Thanksgiving Week

Security experts warn that the upcoming Thanksgiving holiday period isn’t just great for bargain hunters but also for cybercriminals looking to spoil your weekend. This year, with a significant increase in fraudulent activities predicted, a new report from CybeReady says, “the risks are higher than ever.”

The long Thanksgiving weekend heralds one of the busiest times of the year for cybercriminals looking to turn happiness into misery for organizations and individuals alike. How much of a spike in crime can be expected? It has been reported that the difference could be as much as 40% compared to the average weekend for the rest of the year. Ransomware attacks are often timed for such a holiday weekend in the knowledge that staff coverage will likely be minimal. Phishing scams targeting holiday shoppers will most likely also increase to take advantage of the season, often as a way of gaining initial access to a corporate network. But here are five simple cybersecurity hygiene steps you can take to help thwart the hackers this holiday.


1. Ready Your Incident Response Plan

Ensure your organization has adequate security cover by way of on-call staff across the Thanksgiving weekend. This cover should extend to key staff required should the sticky stuff hit the fan through a ransomware attack, for example. So, ensure you have your incident response plan reviewed and updated. Just because desks are empty due to holiday leave doesn’t mean you leave the office door metaphorically open.

2. Use Generic Out-Of-Office Responses

Use generic out-of-office messages for all external recipients by email, messaging or telephone. Cybercriminals can determine a lot of useful “surveillance phase” information from such an automated response, including when staff will return and details of emergency cover, to name but two. Kaspersky suggests using different auto-reply messages for internal and external emails, using redirects to available staff rather than putting contact details in a message, and never including details of a vacation, dates while away or other information that could be used to add believability to a phishing attempt.

3. Password Management And Multi-Factor Authentication

Use strong passwords, and do not share these between colleagues or accounts. Password reuse turns an otherwise strong credential into a liability just waiting to be exploited should any of the sites where it is used get compromised. Use password management software to create genuinely random and strong passwords and phrases and store them securely. Multi-factor authentication should be mandatory for any staff using remote access as well as admin accounts. Ideally, MFA should apply to all staff all the time. Targeting employees with Thanksgiving shopping or parcel delivery scams to gain access to a network is commonplace during the holiday season.

4. Slow And Steady Wins The Cybersecurity Day

Speaking of phishing scams, don’t be pressured into clicking a link, opening an attachment or handing over sensitive information just because there’s a sense of urgency and you want nothing more than to get on with the celebrations. Such time-sensitive pressure is a common tactic because it is often successful.

5. Validate, Validate, Validate

It shouldn’t need saying, but here we go: don’t hand over sensitive information such as a bank PIN, a password or an authentication code in reply to email, direct messaging or telephone. Always authenticate the sender’s validity through contact details already known to you, even if everything appears legitimate. Faces and voices can be faked easily; do not trust any unsolicited communication and always double-check before making a financial transaction.

The average individual loss to Black Friday and Cyber Monday scams was £1478 in the U.K. alone last year, which according to the National Cyber Security Centre is a 50% increase on the previous year’s reporting. NordVPN statistics suggest 34 million Americans were targeted over that weekend in 2022 and Barclays Bank reported it saw a 22% rise in purchase scam losses.

