‘Tis the season… for cyberattacks!
You could say the official marker for the start of the holiday season is when you hear the sweet sounds of bells and harmonious holiday music. But, regardless of when you deem it to be the official start of the festive season, be assured that this is truly the most wonderful time of the year for cybercriminals. Is your company ready to face the not so merry impacts of potential cyber-attacks?
Here are some of the top reasons why cyberattacks increase during the holidays and what you can do to protect yourself and your business:
-
Increased Online Shopping and Buying: With increased shopping comes increased likelihood for scams through fake links, charities, and more.
- What you can do:
-
Make sure to install an antivirus software or an added VPN for increased security, especially when using wi-fi in public spaces.
-
Only shop through trusted sources–this means using reputable and established vendors.
-
Avoid clicking on links or downloading attachments from unknown sources, and never provide passwords or bank information to unauthorized sources.
-
Use safe methods for purchasing online, such as using credit cards instead of debit cards and checking bank or card statements for any fraudulent activity.
-
-
No contingency plan in place: What is your plan if you are the victim of a cyber-attack? The reality is that many organizations, businesses, and individuals lack a contingency plan year-round — much less during the holidays.
- What you can do:
-
Make sure you learn more about monitoring your accounts, software and applications to identify potential threats.
-
Implement tools and monitoring that can automatically detect unusual behavior and running security checks. If you are working with a team, you can also provide them with a guide to follow and stay safe. For example, remind your team to watch out for suspicious emails or links that can breach security.
-
Practice your plan BEFORE you need to activate it! Many companies that do have a contingency plan, put it on the shelf and don’t review or practice until they are in an event, which then if of course, too late.
-
-
Job Satisfaction and Burnout: The rush of the impending new year, vacation, and final projects, emotions start getting the best of us and can result in an end of year burn out, and in some cases, employees become dissatisfied with their jobs, therefore lacking interest and motivation. Which in turn, allows for attacks and opportunities for threats.
- What you can do:
-
Humanly speaking, it may be best to let your employees know you care and that cybersecurity will be a number one priority going forward, and not just when an attack happens.
-
While it may be too late to implement a new cybersecurity plan this month, do make sure employees add two-factor protection/authentication, alert them to various phishing emails, especially ones that seem to come from bosses and managers during this time without asking first.
-
Alert employees to “white hat hackers” that operate on a human level – acting as recruiters promising new jobs, taking meetings with people outside of the organization who are collecting information on you and the business.
-
-
Job Vacancies: Similarly, the holiday season is the time where many employees are out of the office or out of town, so there are many devices and accounts left unattended. With fewer staff, suspicious behavior is less likely to be detected.
- What you can do:
-
Make sure to implement usage of strong passwords and added security measures, such as an added quality VPN to prevent malicious activity while being away.
-
Hire additional seasonal 24/7 monitoring services of freelance security experts for the holiday season to monitor online activity to avoid having to call your employees when an attack does happen.
-
In addition to strong passwords, implementing MFA should be part of your plans. Once implemented, if employees did not attempt to log in, they can simply choose to ‘ignore’ the MFA request helping prevent a potential adversary from accessing their account.
-
Organizations should consider their out-of-office auto-response policy. If an adversary is phishing for valid email addresses within a business, auto-replies are a mechanism that allows them to quickly validate a legitimate email to target.
-
-
White Hat or Human Hacking: One form of hacking least thought of is that of “White Hat hacker” or “human hacker.” These hackers are 100% human and work to gain the trust of others by being “one of them”. This is an extremely dangerous type of hacking as it has a high success rate.
- What you can do:
-
Overall, make your employees a priority all year, but especially at the end of year, and be vigilant to burnout and dissatisfied employees by adding extra security to avoid pulling them away from their time off.
-
Make sure to introduce the concept of human hacking and examples of red flags and who and when to report.
-
Hire a security expert to come in to review potential threats with real-life examples to help employees understand that it goes beyond clicking on a link.
-
Stay Vigilant and Happy Holidays!