informa
/
4 MIN READ
Commentary

Cyber Pitfalls to Avoid this Halloween and Always

October brings cooler weather, Halloween festivities, and an opportunity to raise Cybersecurity awareness to use all year long.

October is best known for Halloween. It also happens to be Cybersecurity Awareness month. We spread awareness about the virtual zombies that cause enterprises sleepless nights. While Halloween marks the end of Cybersecurity Awareness month, there are some common pitfalls that we do not realize are hanging around in our backyards all year long. Let us take a look at some standard Halloween practices and equate them to spine-chilling cyber threats that can be kept at bay by following good cyber hygiene:

  • Accepting candy from strangers: We teach kids not to take candy from strangers the whole year, but on Halloween night, kids get candy from anyone. This is dangerous behavior, and the same applies to links we click. Phishing scams make people think they are interacting with a legitimate site to get their personal and financial information. More than one-third of technology users fall victim to phishing. A good website and content filter can go a long way in preventing phishing scams. As a general rule, one should never give out personal or confidential information without verifying that it is going to a legitimate party authorized to receive that information. This requires cultivating a security-first mindset among employees with regular training, simulations, and education.
  • Attending a masquerade ball: It is popular to hold masquerade parties during Halloween, where everyone hides their identities behind a costume or mask. The same applies to hackers who thrive on remaining anonymous. Under these circumstances, the best solution is to trust no one, verify everyone’s credentials, and then give them limited access based on their privileges. Solutions that use this concept, known as Zero Trust Network Access or ZTNA, is an excellent way to connect remote employees while keeping hackers out.
  • Not wearing a costume: Trick-or-treating without an outfit during Halloween is frowned upon. The same applies to sending information over the internet without encryption. Remote employees must protect their enterprise data over WiFi networks in coffee shops or homes. One good way to avoid this problem is to select a solution that extends secure corporate WiFi to any location. This segmentation and separation of traffic will enhance security posture. If you cannot bring corporate WiFi with you and have to use a public WiFi network, then always assume it is not secure and avoid sharing confidential information. The US Federal Trade Commission has tips on using safely using public WiFi.
  • Spreading rotten apples: Most candy and treats have a shelf life. It is advisable to check if the Halloween candy has been opened, expired, or discolored before consumption. Reading the labels on candy is the first step in this process. The same applies to enterprise solutions. 5G devices with WiFi capabilities must have GCF, PTCRB, WiFi Alliance, FCC (US), ISED (Canada), and other country-specific approvals. The 5G gateway must have RoHS, WEEE, and REACH certifications for safe and responsible operation. Additional certifications like HIPPA, PCI DSS, FIPS, and others may also be required to ensure the solution meets minimum security standards. Enterprises must refrain from using devices that do not have appropriate certifications or are not recommended by an operator to use on their wireless network.
  • Losing all your stash: One of the often overlooked costume features is whether it has a place to hold your phone or a bag to hold your candy. Enterprises must think of all possible scenarios, including what to do in case of a cyber breach. An incident response plan can help mitigate losses and damages. A study by IBM and Ponemon Institute reveals that 77% of organizations do not have a response plan to deal with cybersecurity incidents. This is alarming as it indicates there is no fallback procedure to react and rectify issues when things go wrong. Any incident response plan must include cyber insurance to cover costs, lawsuits, ransomware payments, damages, litigation expenses, and other judgments.

Cyber hackers are nasty monsters lurking around to scare businesses all year round. Turning off the lights in your home on Halloween may signal to the kids that you are all out of candy. However, this can also make you an easy target for vandals. The same applies to security tips for businesses. Most hacks take advantage of normal human behavior to cause a breach. Companies must cultivate good habits among their employees and have security measures in place. Staying vigilant and having the right tools can help prevent cyber breaches. Happy Halloween!

Editor's Choice
John Edwards, Technology Journalist & Author
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author
John Edwards, Technology Journalist & Author
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing