Christmas is a time where many of us wind down and take time away to spend with the nearest and dearest. However, this is also a time where cyber attackers plan their next attacks on organisations, taking advantage of people being away from work and leaving their businesses unmanned, with weakened cyber security.

What kind of precautions can you take to protect your business during the festive season?

For cyber attackers, any opportunity where a business is less prepared or around to manage their IT is the perfect time to strike a successful cyber attack. Therefore holidays like Christmas, are the perfect opportunity for cyber attackers to plan their most vicious attacks.

However the holidays are not just a huge cyber security risk to businesses and organisations. End-users who are taking advantage of the seasonal sales, discounts, offers and competitions are also putting themselves at risk of phishing scams or malware advertisements. This is a time where end-users are highly distracted, and this distraction leads to letting our guards down which could allow one of these malicious scams to slip through.

For some businesses, the holidays mean fewer staff who are around to manage and look after their cyber security. When businesses start to wind down for the holidays, cyber security is often overlooked as everyone is busy working on projects and preparing things for the New Year. Therefore, with less staff around to ensure that your IT is up-to-date and patched with the right firewalls, configurations and malware protection, it could increase the risk of your businesses falling victim to a cyber attack.

The most common types of cyber security risks during the holidays:

 

$

Phishing emails

$

Ransomware

$

DDoS (Distributed Denial of Service)

$

Password breaches

$

Data breach

Phishing emails

During the winter season, end-users tend to be quite “click-happy” and may not monitor and scrutinize their emails as closely as they normally would (1). For that reason, attackers will take advantage of sending out malicious emails that imitate other marketing emails that trusted organisations have been sending out.

Ways to protect yourself from a phishing attack:

 

Z

Do not download or click on any attachments

Z

Phishing email filtering

Z

Cyber security training

Ransomware

One of the most malicious types of threats to organisations is ransomware attacks. Over the years these attacks have become more sophisticated and difficult to recognise as malicious. The way in which these attacks work is by enticing users to click on their link or phishing email which will trigger a malicious web code to be released.

Ways to protect yourself from a ransomware attack:

 

Z

Use strong passwords and two-factor authentication

Z

Phishing email filtering

Z

Whitelisting

DDoS (Distributed Denial of Service)

DDoS threats also increase during the holiday season as the majority of shoppers will be taking full advantage of online shopping, particularly because of the pandemic. There are many ways to protect yourself from a DDoS threat including carefully managing and monitoring your website traffic. In addition, businesses have been advised to avoid using JavaScript on their websites as it “validates input such as credit card numbers and other personal information” which has raised security concerns (2).

Ways to protect yourself from a DDoS cyber threat:

 

Z

Set a traffic threshold limit

Z

Keep your cyber security infrastructure up-to-date

Z

Consider using a cloud-based DDoS protection solution

Password Breaches

A common method that cyber attackers use to compromise users is by breaching their passwords. It requires minimal effort and can cause significant damage to your data and business. The IBM Cost of a Data Breach Report 2021 found that compromised credentials were the most common initial attack vector which has accounted for 20% of breaches in 2021 (1).

Ways to protect yourself from a password breach:

Z

Use complex passwords and a different one for all accounts

Z

Limit the number of times you can type in the wrong password

Z

Two-factor authentication

Z

Change your passwords regularly

Data breach

Data breaches are an ever-growing cyber security threat for businesses across the globe. The implications and financial consequences of this cyber threat can be extremely detrimental to any business.

These breaches can occur intentionally or unintentionally.  For example, an employee may accidentally share data that they didn’t have permission to. With people becoming more distracted by the busy holiday season, they are more willing to share their data with third-party organisations which could lead to a data breach.

Ways to protect yourself from a data breach:

 

Z

Use complex passwords

Z

Two-factor authentication

Z

Check your statements for unauthorised charges


 

As we all begin to slowly wind down for the holidays, please don’t overlook your cyber security as the risk of cyber security threats spikes during this time of the year. Cyber attackers will be on the lookout for organisations with weakened cyber security infrastructures and those with vulnerabilities that they can exploit. If you need someone to help manage your cyber security in the run-up to Christmas, speak with our cyber security specialists by calling 0121 289 4477.