The holidays should be a time for peace on earth and goodwill towards all but unfortunately, that's not always the ...
The holidays should be a time for peace on earth and goodwill towards all but unfortunately, that's not always the case. Especially with cybercriminals that are looking to use this time of year to their advantage.
Longer periods of inactivity can cause cyberthreats to go unnoticed. Cybercriminals know that many employees are taking more time off and therefor they have longer to try to break into a system and stay undetected. Make sure you and your employees are shutting down when leaving the office, allowing updates to happen and it is also a good time of year to make sure you are changing passwords and using a password manager.
Computers are at a greater risk due to visitors, parties, seasonal workers and increased deliveries. During this season, parties and little get-togethers in the office take place more frequently. There are more seasonal workers in some industries and deliveries are at an all time high. If you’re opening doors to people who don’t normally work in your office, make sure that your hardware and systems are safe and behind locked doors when possible.
Employees who work remotely can be easier targets. Remote workers don't always have the same security levels as you have at the office. Especially those who don't use a company VPN. Make sure your employees have updated anti-virus and secured Wi-Fi when working at home. Make sure your policies are set and your remote workers understand security risks. If it is possible, have your remote workers set up with a VPN to access company data.
Online shopping is at an all time high during the holidays so scammers use this to their advantage. With Black Friday, Cyber Monday and all of the sales out there, fake shopping deals and offers become an easy way in. Cybercriminals design phishing emails offering deals, coupons and offers, prompting unsuspecting shoppers to click on malicious links. Train your employees to be on the lookout for these fake emails. We recommend phish testing and training to keep your team informed, educated and on the lookout.
Signing up for rewards and offers during the holidays can lead to password compromise. During the holidays, there are so many reward and referral programs which means it's harder to spot the fake ones. Hackers know this and set these up to try and capture shopper's common usernames, passwords, emails and even credit card numbers.
As the holiday season begins, make sure your cybersecurity layers are in place and that you share these seasonal scams with your employees. Make sure they are aware of the increased threats. For more information about cybersecurity awareness, check out CISA's article on Ransomware Awareness for Holidays and Weekends.