The rush is on.
Workers are working feverishly to finish up the year's business and close the books on 2016 before they head out for the holidays. Meanwhile, employees are busy coordinating family schedules and nailing down their travel plans. And let's not forget scouring the internet for that perfect gift.
Ever the opportunists, cyberattackers are counting on this perfect storm of hyper-productivity and distractedness to scam unwitting employees or wend their way into your small business' devices and network and make off with sensitive financial and personal data.
Small Business Computing asked the email encryption and data loss prevention experts at ZixCorp how small businesses can protect themselves this holiday season. CEO Dave Wagner and Dena Bauckman, ZixCorp's director of product marketing, share their advice.
Stick to Secure Wi-Fi Networks
When you're in a rush, the urge to connect to just any Wi-Fi network to quickly retrieve an email can be overwhelming. Don't do it, urges Wagner.
"More public businesses are offering free Wi-Fi to their patrons, but workers need be cautious when using these networks to conduct business. Public Wi-Fi is nowhere near as secure as the private networks set up in the office, therefore sending sensitive documents or emails with confidential information in the body of the email should never be done over a public Wi-Fi network," Wagner warned.
Unless users encrypt their email communications, it's trivially easy for network eavesdroppers to view the contents of plain-text emails. "It's a lot like sending a postcard," added Bauckman, "there is nothing preventing them from seeing the actual communication."
In short, connect to trusted, secure Wi-Fi networks as a matter of course.
Shop Smart Online
Who wants to trudge to the mall after a hard day's work?
"As the holidays creep closer, workers may do some online shopping at their desks," said Wagner. The downside of this convenience is that it can leave them vulnerable to cyberattacks. "And if your employee provides their work email, it can open the possibility of a phishing attack that could affect the data on their work computer."
In the search for unique gifts, "people tend to shop on sites that they don't normally shop on," said Bauckman. Unlike Amazon.com and other well-known online retailers, some niche, fly-by-night shops can be woefully unqualified to handle personal data or can be loaded with malware and malicious links.
"Always make sure that your employees verify the security of the site they are shopping at and confirm that the checkout page is secured with an HTTPS connection," suggested Wagner.
Lock Down BYOD Devices
At the bare minimum, small business owners should require that any device that touches business data be protected against unauthorized access. That includes personally owned iPhones, Android smartphones, iPads and other popular bring-your-own-device (BYOD) mainstays.
"Any device that workers use to conduct business should be password-protected," Wagner said. "Whether it's a cell phone, the company laptop or a personal tablet, all devices that have access to an employee’s email account and work documents should be, at minimum, protected by some sort of password, thumb print, lock code, etc."
Consider Data Loss Prevention Software
Bauckman acknowledges that "a lot of small business, when they hear 'data loss prevention,' it probably scares them a little."
Powerful, enterprise-grade data loss prevention products perform thorough scans of entire networks and the systems that reside on them to help prevent data leakage. Of course, for the typical small business, they can be a nightmare to implement and manage.
Luckily, targeted products that cater to small businesses also exist. Bauckman suggests finding a solution that focuses on email, "where the majority of data loss happens." These are much easier to implement and manage, she added. Companies can instantly and massively reduce the risk that valuable business or personal information is sent via email by simply setting a couple of common-sense policies.