Keeping Safe and Secure thru the Holiday Season
Sage advice for business owners and holiday vacation travelers
By Scott R. Gane, CPP,
Tis the season... Everyone is very busy trying to get their year end financials
in order, manufacturers are trying to finish year end orders and keep up with the
holiday push on retail demands and the retailers, well they are just trying to keep
up. Yes, this is the busiest time of the year. It's also the busiest time of the
year for unscrupulous people who would want to take your hard earned profits and
make them their own.
With the year-end rush, companies tend to relax some of their well-established security
programs and measures in favor of the "good will toward men" and other various
holiday sayings. The following are some basic do's (Nice) and don'ts (Naughty) that will
make your holiday season much brighter.
- Continue with your access control policies. Identify everyone
coming into your building and/or factory. Make sure they have a purpose and make
sure you visually identify/verify those persons. Have them loosen coats and scarf's
to see their bright smiling faces and assure they are not bringing something in
the building they shouldn't be. If your company doesn't have a policy to address
material being brought into or taken out of the building, make sure one is
- Check your employees and visitors on the way out. To meet
Federal and State mandates, you must have your "Search" policy posted.
Many office supplies (including laptop computers) tend to disappear sometime
during the holiday office parties never to be seen again.
- Continue to be vigilant with your hiring policies and practices.
Temporary workers abound in the last few weeks of the year. Temps are hired to
fill everything from extended vacation slots to floor workers needed to address
increased sales or production demands. If you conduct background investigations,
drug tests, reference checks, etc. on your permanent hires you should continue
to do this on your temporary hires.
- Re-enforce your company's IT security polices. Unscrupulous temporary
workers with access to your computer systems and company records equal a disaster in the
making. Passwords written on sticky notes attached to the monitor of the computer
or the top of the desk drawer left unlocked make it much easier for the
nare-do-wells. Away messages left on email or voice mail give opportunist and
hackers an opportunity to conduct some "social engineering" on temporary
workers or other workers assigned to fill in at a different department in order
to gain access to your computer systems without having to work too hard at it.
- Protect against Phishing Scams. Webopedia defines
"phishing" (fish'ing) as the act of sending an e-mail to a
user falsely claiming to be an established legitimate enterprise in an attempt to
scam the user into surrendering private information that will be used for identity
The e-mail directs the user to visit a Web site where they are asked to update personal
information, such as passwords and credit card, social security, and bank account
numbers, that the legitimate organization already has. The Web site, however, is
bogus and set up only to steal the user's information."
Phishing and/or identity theft scams are at an all time peak during the holiday season.
Unsuspecting workers who have had little computer experience in the past, but again
are moved up during the holiday season, have access to the company computer systems
and email. Identity theft is the fastest growing crime in the world today. According
to the National Cyber Security Alliance, one in four Internet users have received
phishing scams and almost 70% were fooled by them.
The number and sophistication of phishing scams sent out to consumers is continuing
to increase dramatically. Direct economic losses in the United States alone totaled
over $574 million in 2004, according to the Federal Trade Commission.
How to avoid Phishing Scams
- Phishers typically include upsetting or exciting (but false) statements in their e-mails to get people to respond immediately.
- Phishers typically ask for personal information such as usernames, passwords, credit card numbers, social security numbers, etc.
- Be wary of e-mail. Never click on any link to a bank, eBay, or other merchants. Instead, open a browser (not just a new window) and type in the URL yourself. When in doubt, call the institution using the number listed in the phone book, not one provided in the email or link.
- Avoid filling out forms in e-mail messages that ask for personal financial information.
- Practice good computer hygiene. Don't click on attachments from unknown email senders. Run both anti-virus and anti-spyware applications. Firewall and privacy protection software are also a good idea. Update this software, as well as your operating system, on a regular basis.
- Encrypt it or shred it. Use a crosscut shredder or burn documents containing personal information. Do not store PINs on your computer; lock them up or encrypt them.
- Ensure that you're using a secure Web site when submitting credit card or other sensitive information via your Web browser.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
Report Phishing or spoofed e-mails to the following groups:
Family Travel Plan
Last but certainly not least, it's vital to maintain vigilance with family security
during the holidays. Many families travel during the holidays to visit relatives, but
it seems more and more of us are taking a break from relatives and traveling to warmer
and sunnier destinations to "re-charge the batteries" or just have some
exclusive "family time" during the holidays.
Whenever your family walks out the front door of your home they leave that zone of
protection that you have created. Many people are very good about finding the
"best deal" on hotel rooms and airfares, but the one thing that families
fail to do is discuss a family security plan when they are away from home. Take the
time to sit down with your family and discuss "what if" situations related
to your travel destination.
What if we're separated? (at the airport, hotel, and amusement park) Discuss with
your children the importance of hotel safety:
- do not open a door without knowing the person on the other side;
- make sure all windows and sliding doors are secure if they are accessible from the ground;
- children should not be allowed to wander the hotel grounds unsupervised. Do not leave them at the pool or gym unsupervised; these are prime targets for predators.
Be safe, secure and have a happy holiday.
About Scott R. Gane
Scott R. Gane,
CPP is the Regional Vice President of Initial Security's East Central Region.
Initial Security, is the fifth largest security company in North America providing
security services through its network of over 60 U.S. and Canadian branch offices.
Updated December 21, 2008