- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
CIO - Thanksgiving is just around the corner in the U.S., and so are Black Friday and Cyber Monday, two of the busiest shopping days of the year. It's also a peak period for malware, phishing and spam. Since employees are increasingly using their own devices to access corporate resources (or simply using a work PC to sneak in a little shopping on Cyber Monday), it's a good idea to share some best practices with your users to help protect them and your network from threats.
"You could tell them no," says Bob Bunge, professor of Cyber Security in the College of Engineering and Information Sciences at DeVry University. "In some circumstances, that's absolutely what you should be telling them. Don't use the office network for retail. It's just a bad idea, period. It's a lousy, bad thing to do."
However, employees often don't perceive the security threat as acutely as IT managers do, so a few pointers on keeping safe are a good idea. After all, shopping sites are among the top malware-infected sites on the Web, according to Symantec.
Five Best Practices to Stay Safe Online
When it comes to dodging malware and phishing attacks, there are a few simple things you can watch for on shopping sites to help keep you safe:
Look for an HTTPS and/or padlock in the address bar before submitting personal information on a website. This is a sign that the site is leveraging the SSL/TLS cryptographic protocol to secure your communications with the website in question. This helps protect against man-in-the-middle attacks that allow an attacker to intercept your communications with the site and inject new ones.
Look for your browser address bar to light up green. This is an indication that the identity of the website you're visiting has been strictly validated with an Extended Validation Certificate. In other words, you really are at the website of the merchant you're trying to shop with rather than fake site created by a malicious attacker to fool you into sharing personal information.
If an offer in an online ad or email sounds too good to be true, avoid it. These are often lures to infect you with malware or gather your personal information. "If it sounds scammy, it's probably scammy," Bunge says. "If I had to cut a large IT security training program into just a paragraph or so, probably the first thing I'd say is 'Don't click on that link!' The whole phishing industry nowadays is based on finding ever more creative ways to get you to click on some link.