Dec 1, 2022
When you think of the holidays, you think of spending your time with loved ones, gift-giving, and holiday cheer. So do cybercriminals: they just think about it differently. Traveling to spend time with family and friends means homes and offices are empty while individuals are distracted. Email inboxes become overloaded with holiday deals and messaging, and frazzled consumers can quickly become confused and thus more susceptible to fraud. This year, in particular, it’s especially important to remain vigilant against cyber attacks, as both the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) warn of an increase in these kinds of malicious attacks, which typically begin just after Cyber Monday. Now that Thanksgiving and Cyber Monday have passed, it’s crucial to ensure that your business is protected from cyber attacks.
Much of the cybercrime that happens to businesses both small and large occurs between Thanksgiving and New Year’s.
Cybercrime doesn’t just happen during the extended Christmas season. There is often a spike in this kind of crime during every long weekend of the year (think: Memorial Day, July 4th, etc.) when businesses are typically closed and employees are not at work. During the holiday season, there is less staff on hand to monitor networks since many businesses operate at a reduced capacity, according to intelligence officials. This makes it more difficult for businesses to react quickly to any kind of cyber attack, so criminals have more time to find your company’s weaknesses. In addition, there are frequently fewer IT security professionals on hand to handle cybercrime during the holidays, or they may not be as readily accessible. Because cybercriminals will always take advantage of times when employees and employers are most distracted, use the following tips to make your holiday season as secure as possible.
Every other tip on this list is essential to keeping your business safe from cyber attacks, but none more so than making sure your employees aren’t your business’s weakest link. Email remains a necessary part of normal business operations but also opens your business up to phishing email scams, one of the main ways that cybercrime takes place during the holiday season. During a time when everyone is busy buying many presents online, especially as online commerce has become the major way that individuals shop in a pandemic, criminals can easily disguise a phishing email as a holiday promotion, an order confusion, or even, as with a widespread attack in 2018, an Amazon order confirmation. All it takes to infect your business’s network with malware is one moment when an employee, distracted by holiday multitasking, clicks on a suspicious link that they otherwise might have recognized. To combat this, make sure that your business has a strong culture of security so that secure online practices are second nature, even during busy and distracting times.
To avoid any holiday disasters, remind your employees to open links only from senders they recognize, and to stay vigilant for suspicious emails that include typos or sloppy grammar. In the case of something like an Amazon notification, it’s always best to go back to the Amazon website or app and check on the order from there.
Due to the increased prevalence of working from home, 2021 saw a 207% year-over-year increase in malware attacks due to email attachments. According to a Netskope Threat Lab report, 43% of downloaded malware came from malicious Office docs in Q3 of 2021. These attacks often include an infected macro embedded in a Microsoft Office document, Google Drive file or PDF. Best practices to avoid these hard-to-detect attachments are to make sure anti-virus software is installed on every business computer and that all your software is up to date.
Alongside maintaining robust, up-to-date anti-virus software, employees and employers alike need to get in the habit of changing passwords often. This is true for all business accounts and passwords, but during the Christmas holiday season it is particularly critical for any retail and consumer passwords that your employees might use. According to the Better Business Bureau (BBB), many cyber scammers impersonate mobile apps from major retailers, gaining access to sensitive information and using that to reach an individual’s whole trove of information, including possible passwords for your business. Learn more about Milner’s best password practices or reach out to our team for any help with passwords.
While we would all like to avoid a cyber breach as much as possible, attacks do happen. Developing a business continuity plan in case of an attack, just as you would for any other potential disasters like floods and earthquakes, can help your business recover and resume operations quickly after a cyber disaster or other major disruption. As part of your action plan, you should partner with an IT expert to restore data and system security, alert stakeholders, and describe the next steps. Download our business continuity checklist to see if your business needs help developing a plan.
There is no such thing as a perfect cybersecurity plan, but as cybercriminals improve their techniques and as our culture continues to embrace the digital sphere, it becomes more and more important for businesses to develop a plan in case of a data breach. Because we only hear about cyber breaches in the news when they happen to major retailers, it’s easy to forget that they happen every day to small and midsize businesses too.