Just as many of us are winding down for a well-earned break, this is exactly the time of year when cyber criminals are ramping up their activity.
Last year’s festive holiday season was dubbed “CyberCriminal Christmas” as online fraud attempts spiked between November and January. But it’s not just retailers that need to be wary; businesses of all types should avoid letting their guard down. As an illustration, here are some specific risks to watch for…
Malware disguised as e-greetings
It can be extremely tempting to open a seasonal e-greetings card - and perhaps even follow the link from the email to read the message in full on a website. Likewise, staff might be tempted to complete a detailed form to confirm their attendance at a fun-sounding Christmas party, even if they haven’t heard of the company.
Most malware attacks - and certainly all phishing attacks - rely on some form of action on the part of the recipient. The lure of a Christmas-themed attack can be strong, even for the most security-savvy of employees.
Firms can counter this by specifically reminding staff of the importance of not opening communications from unverified sources. Your IT protocol is there for a reason, and Christmas isn’t the time to get relaxed about it. What’s more, if your email spam filters haven’t been looked at for a while, this could be the ideal time for a security review.
This is a time of out-of-the-ordinary transactions and purchases for many businesses, from corporate gifts being shipped to clients through to arrangements for the Christmas party. There is therefore increased scope for being caught out by “smishing” scams, whereby cyber criminals send out a fake SMS message (regarding shipment of an order, for instance) encouraging the recipient to click on a malicious link to track the shipment.
It’s further evidence that criminals are getting ever more sophisticated in their attempts to catch you off guard. Email isn’t the only method hackers can use to compromise your system, so make sure SMS isn’t the weak link in your security chain.
Your staff hit the shops
This can be an especially problematic area for firms that operate a bring your own device (BYOD) policy without adequate measures to ensure business data is kept safe. Your staff hit the shops more frequently in the run-up to Christmas and connect to Wi-Fi hotspots, despite the fact that these are favoured ‘scenes of crime’ for hackers.
You can counter this risk in a number of ways. You could, for instance, stipulate that business data must not be kept on personal devices. As an alternative, you could utilise a combination of mobile device management and containerisation (along with encryption) to shield business data and to render it unusable if it gets into the wrong hands.
Your office is on shutdown
In terms of physical infrastructure, make sure the essentials are covered: that non-essential equipment has been turned off, that the server room is properly ventilated and that all cabinets are securely locked. You should also ensure that systems are backed up and all updates (especially antivirus software) are on schedule.
Most importantly of all, make sure your disaster recovery plan is in place and that you have a rapid response service available if something does go wrong this Christmas.