The holiday season is a time for celebration. Unethical hackers and thieves also see it as a time for celebration for a different reason. Protect Your Business
We are all excited that November is here, and the holiday season is upon us. The Wednesday before Thanksgiving is filled with festivities at many companies. Many businesses are closed or operate with a skeleton staff on Black Friday.
Cyber Monday is a big shopping day on the internet, often from work!
Then we head into December and get ready for Christmas and the New Year. A lot of people use their vacation time during the month of December. There are lots of office parties and events. The day before and after the holidays usually mean a lighter staff than normal and people are a little more relaxed than normal.
There are lots of sales online and offline that everyone takes advantage of.
Lots of fun, food, laughing and good times, and sales.
There’s another group of people who are excited about the holidays, but not for the same reasons.
The unethical hackers and thieves are ready for the holiday season because this is when we tend to let our guard down.
Some of the largest compromises and breaches occur immediately before or after a holiday, or on the weekend.
Phishing attack success rates go up because the attackers use sales and other holiday-themed emails and text messages to bait victims.
A report released by Infoblox in 2019 showed that 31% of retail IT professionals saw an increase in cyberattacks during the holiday season. This often presented itself as phishing websites.
15% reported an increase in social media scams and 11% reported an increase in ransomware incidents.
Healthcare Practices are increasingly targeted right around the holiday as well. Several larger HIPAA breaches were reported immediately before or after a major US holiday.
What Methods Do Attackers Use to Compromise Companies During the Holiday Season?
Here is a list of some of the more common methods for attacking businesses during the holiday season. The success rates increase because of a relaxed and often thinly staffed office environment.
- Infected Websites – Websites are compromised, and malware is installed. Unsuspecting internet browsers visit these websites and inadvertently install the malware on their computers.
- Social Engineering – You’re more likely to hold the door for an overloaded delivery person during the holiday season. It’s human nature and seems plausible that a delivery person would have more packages to deliver during the holidays.
- Phishing Campaigns – Similar to Social Engineering people are more accepting of promotional emails, credit card alert emails, and other holiday-themed emails. Remember, phishing can occur over SMS (Smishing) and a regular phone call (Vishing).
- Ransomware Attacks – With increased phishing attacks the chances of a ransomware attack also increases. Remember, 90% of all ransomware attacks begin with a phishing attack.
- Unlocked Computers – Employees are getting up to grab a few cookies or some lunch that the company paid for. They only expect to be gone for a few minutes, so they leave their computer unlocked. Remember that delivery person you let in earlier?
11 Ways Your Company Can Prevent Being Hacked During the Holidays
We put together a list of things your business can do to decrease your risk of being breached during the holiday season.
It’s important to understand that there is no foolproof method of preventing being breached. You can significantly decrease the likelihood of becoming a victim with these steps.
Cyber Security Awareness Month just wrapped up so hopefully, you took advantage of all the freely available materials to train your employees.
- Educate yourself and employees. Education is the best method to prevent compromises. If your employees know and expect phishing emails, social engineering attacks and infected websites they will remain diligent during the holiday season.Teach employees how to recognize phishing emails and how they may be presented. Make sure they know and understand how to report incidents (even if it might seem minor).And test them!
- Perform a vulnerability scan – find out where you might need to fix issues before someone else does.
- Document and remind employees of policies regarding allowing people into the office and what to do if a non-employee tries to enter.
- Consider blocking social media, personal email sites (Gmail, Yahoo, etc..), and shopping sites.
- Make sure staffing levels are appropriate to meet the demands of the workload.
- Don’t click on unsolicited links. If you must confirm something manually type the website address into your browser window.
- Do not connect to guest/public Wi-Fi. Use a hotspot provided by your cell phone carrier. Most cell phone carriers now allow you to use your smartphone as a hotspot.
- Don’t overshare on Social Media. Do not click on suspicious-looking links on Social Media.
- Ensure all devices have security, preferably biometric. Lock laptops, smartphones, and tablets whenever they are not in use.
- If you don’t have a business continuity plan get one. If you do test it.
- Ensure your Operating Systems (Windows, Apple, Linux, Android), Software (Adobe, Microsoft, Browsers) and Network equipment are updated/patched.
Happy Holidays Hopefully!
We don’t enjoy being the Negative Nelly of the holidays, but we also don’t want to see our small business friends fall victim to cybercrimes that are preventable. We hope that you can enjoy this festive time of the year while maintaining your business’ data security and reputation.
Of course, let us know if we can assist in any way!