Beware of Cybercriminal Grinches Trying to Steal Your Sensitive Information

As you are enjoying your holiday festivities this year, make a note to stay extra vigilant. There is a horde of cybercriminal grinches working hard to steal your sensitive information and ruin your holiday time.

In this article, we will discuss the main cybersecurity threats that ramp up during the holidays and will make recommendations on how to overcome them.

Why is the holiday season particularly dangerous for cybersecurity?

Data security experts note that during the holidays, IT users at both home and work are engaged in more activities, which tends to reduce their attention to good cyber hygiene. Employees are also highly active online, purchasing gifts as well as finishing tasks and projects at work before the year’s end. As a result, IT users are more apt to click on dangerous links or unwisely share sensitive information online or on the phone.

During the holiday season IT departments and cybersecurity employees are at their weakest as many workers are taking vacation time. Some companies are off the entire week between Christmas and New Year’s Day, which leaves the business more vulnerable compared with the rest of the year.

Cybercriminals know these key facts, too. The holiday time period provides more opportunities for their bad actions, and they take full advantage of it by ramping up their activities. A report by Semperis noted that 72% of cyberattack victims are targeted during holiday times and weekends.

What are some of the most common attacks this time of year?

Ransomware

Ransomware involves cybercriminals using malware to block a company’s access to some or all of its systems and then demanding a ransom to restore control. These attacks are especially dangerous for cloud-based businesses with mostly remote workers. Even though ransomware attacks have declined somewhat as a whole, these attacks rise dramatically during the holidays and on weekends. A stunning 86% of ransomware attacks occur during these time periods.

Data security experts note that one of the most sobering statistics about ransomware attacks is that even when an organization pays the ransom, it gets its critical data back only about 65% of the time.

Phishing and Smishing

Phishing refers to the use of deceptive and enticing email messages to gain unauthorized access to a company network and the information it contains. Smishing is the same type of attack using text messages on smartphones. In both types of attacks, the bad actor sends phony messages with attractive offers, information, and links that attempt to lure recipients into clicking on them. Once the recipient clicks on the message or offer, several types of malware enter the network. This malware enables hackers to obtain unauthorized access to sensitive personal, company, and client information.

Threat actors pose mainly as company leaders and decision-makers during the year, but they adjust their attacks to also pose as retailers, gift card distributors, delivery companies, and charities during the holidays.

DDoS

Distributed Denial of Service (DDoS) attacks involve cybercriminals overwhelming company websites with bot-driven traffic that disables their servers and forces their websites offline. Similar to ransomware, after a successful DDoS attack, the bad actor will demand money or other forms of ransom from the company to allow it to get its website back online.

The holidays are the perfect time for cybercriminals to target company websites with these attacks, especially retailers, as this is the time of year when they do the most business.

Supply Chain Attacks

Cybercriminals know that holidays are an extremely busy time for retailers and other companies heavily dependent upon smoothly running supply chains. As a result, bad actors will take the time to find weak links in third-party vendors in supply chains to get access to the main organization’s network. These vulnerable back doors in the supply chain are a cybercriminal’s delight and have been used with devastating efficiency in nefarious cyberattacks.

What Can You Do to Protect Your Business and Your Own Information from Cybercriminal Grinches?

Update Employees on Holiday Cybersecurity Threats

In addition to your company’s regular messages on the latest cyber scams and threats, it makes sense to put out special announcements about increased hacker activity during the holidays. Remind employees to be extra careful during the season and to be mindful of distractions that affect their online or texting behavior. Your company should also encourage employees to report any cyberattacks they have encountered in order to make your entire staff aware of specific threats.

Screen Third-Party Vendors for Good Cyber Hygiene

Since bad actors spend a good deal of time and effort probing organizations’ third-party vendors for cybersecurity vulnerabilities, it is imperative for your company to carefully screen your third-party partners. Treat these companies as if they worked at your organization because their access to your network could provide cybercriminals a back-door entry into your company’s sensitive files. Before allowing them access to your network, ensure that you carefully screen these business partners with a comprehensive assessment of their cyber hygiene. Make it a point to discuss this important issue again with them before the holiday season.

Ensure Employees are Trained in Good Cyber Hygiene with a Special Session Before the Holiday Season

The greatest threat to company security comes from employee behavior. This is mostly because of poor cyber hygiene including improper email, internet, and texting behavior. Your company should invest in regular training and ensure that all employees are well-versed in how to detect and avoid cybersecurity threats. All employees should undergo mandatory good cyber hygiene training before the holidays.

The most important behaviors that must be emphasized in good cyber hygiene training: employees should never click or open any message or link that comes from an unrecognized source, should never give out sensitive information via text message, and should be suspicious of any texts from incomplete phone numbers such as “5000.”

Limit Access to Sensitive Data

Only users that need to access sensitive company and client information to do their job should be allowed access to sensitive information contained in the company network. Company leadership should make a point of regularly assessing who does and doesn’t need access to sensitive information and quickly shutting off access when it is not necessary.

Have a Strong BYOD Policy in Place That Employees Follow

In the era of increased remote work, especially during the holidays, it is critical to have a strong Bring Your Own Device (BYOD) policy in place when you allow your employees to use their laptops, smartphones, and other devices to conduct their work. This policy should include clear expectations and guidelines on safe email and texting behavior and proper app usage as well as advice on how to detect and report cyber threats.

Consult With a Trusted IT Partner

The most important recommendation we can give your company to deal effectively with the increasing threat of holiday cybercrime is to consult with a trusted IT partner like Network Depot. A reliable IT Security partner has the proven experience and expertise to recommend and implement the most effective cybersecurity policies and solutions for your organization.

By following the recommendations in this article, encouraging good cyber hygiene, providing proper training, and working closely with your IT partner, your organization will be able to overcome the enhanced cybersecurity threat during the holiday season and beyond.

