What you need to know to be prepared this holiday season.
Many people worldwide are beginning to prepare for the rush of shopping, festive gatherings, and visiting in-laws as the holidays ramp up.
Thanksgiving, with its four-day weekend, food comas, and doorbuster sales, is always a danger, and Christmas could be even more of a tempting target for hackers this year because it falls on a Saturday. The Saturday Christmas means many companies will observe long weekends. The Fourth of July weekend was notorious for the number of cyberattacks mounted this year.
The situation is so alarming that the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) recently released a bulletin specifically warning businesses about the cybersecurity dangers posed by the holidays. They warn:
The FBI and CISA highly recommend organizations continuously and actively monitor for ransomware threats over holidays and weekends. Additionally, the FBI and CISA recommend identifying IT security employees to be available and “on-call” during these times in the event of a ransomware attack.
Hackers don’t take a holiday.
“Hackers don’t take holidays. They thrive on holidays. For hackers, when everyone is out of the office and off the network, it’s like their own Christmas,” warns Tanner Roberts, an independent cybersecurity consultant in Denver.
Remember the basics
Much of what creates a secure holiday season is remembering the basics.
“It’s so easy to completely neglect basics when your mind is on the Christmas cards you need to send, the gifts you need to buy, and the plum pudding ingredients you need to shop for,” admits Roberts.
Roberts also recommends that companies have policies prohibiting holiday shopping on company computers.
“I don’t advocate a work environment that is like a police state. I understand people have coffee breaks and downtime, but they should shop on their personal devices. There’s too much that can go wrong when you have employees entering credit card numbers, getting email confirmation links for shipping, and so on, via company-owned devices,” emphasizes Roberts.
Password cleanse before the holiday.
Roberts says the holidays are an excellent time to initiate a “password cleanse.”
“People should change their passwords periodically anyway, but having everyone do it before we get into the holidays is a great extra way to put a cheap layer of protection over the season,” suggests Roberts.
User training is essential year-round. It’s become a relatively inexpensive, but effective tool.
“In the end, it still comes down to employees being vigilant,” Roberts says. He adds that hackers will likely be impersonating favorite retailers, couriers, holiday events, and payment services. With all this holiday cheer, it can be easy for someone to click an incorrect link inadvertently.
Threat from within
Another risk unique to the holidays are seasonal employees. This risk can be unintentional or nefarious.
“People may leave passwords written down on sticky notes so that seasonal employees have easy access to Wi-Fi and other logins,” Roberts shares. “That, in general, is a bad idea.” Also, seasonal employees may not be as well-trained as permanent staff.
“Seasonal employees won’t be as steeped in company culture as year-round staff. There may be a few looking to cause problems, and others may inadvertently blunder into a cybersecurity situation. Make sure the training for this cohort is robust and regular,” emphasizes Roberts.
Beware the new year
New Year’s Day is a big holiday too.
“But because it falls as the end of a string of holidays there is a lot of cyber-fatigue by that point. People often let down their guard right after Christmas thinking that they’ve made it. Hackers know that and may take advantage of sloppiness to launch an attack,” warns Roberts.
Stay alert and you’ll have a happy holiday season.
Barracuda Networks, Inc. attributed to this blog.