CALGARY, AB – November 28, 2011 – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, is cautioning Internet ‘shoppers’ that one of the first places hackers are focusing is social media.
Said Paul Comessotti, Canadian Regional Director, Check Point Software Technologies Ltd.: “The hackers are busy creating fake profiles on social networking and e-commerce sites. These profiles and websites are meant to mimic well-known corporate brands, and coax users into clicking on their content.”
As a result, malicious content can now lie hidden within Twitter posts and Facebook links. Once an employee clicks on those links, an entire corporate environment can be compromised.
And, while people might think they know better than to click a malicious link, a recent survey by Check Point Software showed that phishing and social network tools are the most common sources of social engineering threats. Social engineering is a hacking technique that traditionally leverages a variety of Web 2.0 and social networking applications to gather personal and professional information, creating specific profiles on individuals and tricking them into divulging sensitive or personal information. This can range anywhere from personal credit card numbers to information about their employer’s organization.
The report, titled ‘The Risk of Social Engineering on Information Security’, revealed that 86 per cent of IT and security professionals are aware or highly aware of the risks associated with social engineering – and nearly half of enterprises surveyed admitted they have been victims of social engineering more than 25 times in the last two years.
This brings home a stark reality – technology alone isn’t enough to protect an organization. Most organizations simply don’t pay attention to the involvement of users, when in fact, employees are a critical part of the security process – but can also be the weakest link.
A good way to raise security awareness among users is to involve them in the security process and empower them to prevent and remediate security incidents in real-time.
Here are a few ‘security best practices’ that businesses can implement to ensure that employees’ networks are safe:
- Ensure your company has the latest intrusion prevention updates in place – as the first line in network defense, businesses can take preemptive measures to prevent known vulnerabilities from being exploited and ensure all endpoints and systems are secure.
- While social media can be a great engagement tool between retail businesses and customers, it also gives hackers an opportunity to spread malicious content and attacks virally. A reliable Application Control and URL Filtering solution can help mitigate the risks employees may encounter with millions of websites and Web 2.0 applications accessible to users.
- Businesses need to encourage employees to only visit SSL-secured sites that encrypt data before transmitting it across the web. Depending on your browser, websites with SSL certificates will have a padlock icon or your address bar will change colour, and users can click on the padlock icon to verify the identity of the certificate owner.
- A critical step to preventing hacking attempts is to ensure business computers have updated antivirus and Operating System (OS) patches.
- Because of increased usage of mobile devices by employees for browsing and purchasing items, the risk of mobile security threats has grown, making it important to know which mobile devices are accessing company resources and to enforce the appropriate levels of network access control.
- To accommodate the rising numbers of online shoppers during the holiday season, retailers increase network traffic and capacity by implementing temporary flexible hosting sites or cloud sites (i.e. for a month or for a two-week sale period). It is important that retailers have appropriate internal security procedures enforced on temporary sites as well, to ensure all corporate and customer data remains protected.
- Ensure the existing security gateway can handle the increase in traffic – especially for businesses, such as retailers, personal banking sites or e-commerce sites, that anticipate large volumes of traffic.
“The bottom line is that the holiday shopping season means more security threats. For businesses, it’s important to be aware of the plethora of online shopping scams, hacker attacks, fraudulent emails, e-cards and phishing schemes that are known to increase this time of year. Companies that take proper precautions by leveraging a combination of technology and user awareness among their employees can greatly reduce their security risks this holiday season,” said Comessotti.