On November 19, the National Cybersecurity and Communications Integration Center (NCCIC) of the U.S. Department of Homeland Security issued an alert regarding seasonal scams and malware campaigns.
Per the alert, the holiday season typically sees an uptick in scams and malware delivered through email. Infected advertisements, requests for contributions to phony charities, and similar cybersecurity threats increase as consumers spend more time online shopping for holiday gifts or looking to support worthy causes. These threats lead to lapses in security, breaches of data, and financial and reputational loss.
Heightened vigilance toward these threats is recommended, during the holiday season and in general. The NCCIC advises exercising additional caution when shopping online and using email. The NCCIC further recommends responses in the event of a compromise, including closing affected accounts at relevant financial institutions, changing passwords, and reporting crimes to the authorities.
ACA Aponix Guidance
ACA Aponix recommends taking the following actions regarding seasonal scams and malware campaigns:
- Follow the NCCIC guidelines for preventing seasonal scams and malware attacks, as well as their recommended steps for responding to an attack.
- Provide continual training to staff on how to recognize and prevent phishing and other social engineering threats.
- Enact and implement strict security updates and a patch policy for all software updates across your organization.
- Make sure emails are from a trusted source, and avoid suspicious links and attachments.
- Vet requests for charitable donations, including researching the charity online, paying only by credit card or check (not cash or wire), and avoiding pressure tactics.
- Closely monitor credit cards and other financial records for unusual activity.
- Enact a security freeze with the three major consumer credit bureaus.
How ACA Aponix Can Help
ACA Aponix offers the following solutions that can help protect your firm and your employees from vulnerabilities, breaches, or related cybersecurity risk:
- Phishing testing and cyber awareness training
- Penetration testing and vulnerability assessments
- Cybersecurity and technology risk assessments
- Cyber incident response planning
- Threat intelligence
- Vendor diligence and management
For More Information
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.