Published 2019-11-12 by TechNet New England
The holiday season is the busiest time of year for many businesses, and for cybercriminals. Attackers know that companies are distracted, short-staffed, and processing more transactions than usual. That makes November through January prime time for phishing campaigns, ransomware attacks, and fraud attempts.
Why Holidays Are High Risk
Several factors come together to create a perfect storm for cyber threats:
- Increased email volume: More emails mean more opportunities for phishing messages to slip through unnoticed
- Shipping and delivery scams: Fake tracking notifications and delivery alerts are extremely convincing during holiday shopping season
- Reduced staffing: With employees on vacation, there are fewer eyes watching for suspicious activity
- Gift card scams: Business email compromise attacks often spike around holidays, with attackers impersonating executives requesting gift card purchases
- Year-end urgency: Pressure to close deals and process payments before year-end can lead to shortcuts in verification procedures
Practical Steps to Stay Safe
Review Your Email Security
Make sure your email filtering is up to date and properly configured. Remind your team to be extra cautious with unexpected emails, especially those with urgency language like "immediate action required" or "account suspended."
Verify Payment Requests
Any request to change payment information, wire money, or purchase gift cards should be verified through a separate communication channel. Call the person directly using a known phone number, not one provided in the email.
Update and Patch Before the Break
Apply all pending security updates before staff leave for holiday breaks. Unpatched systems sitting idle for a week or two are easy targets for automated attacks.
Check Your Backups
Verify that your backup systems are running correctly and that you have recent, complete backups of all critical data. Test a restore to make sure backups are not corrupted.
Set Up Monitoring Alerts
If you do not have 24/7 monitoring, at minimum configure alerts for unusual activity such as failed login attempts, after-hours access, or large data transfers.
After the Holidays
When your team returns, take time for a quick security check. Look for any alerts that came in during the break, verify that all systems are functioning normally, and remind employees to report anything suspicious they may have received over the holidays.
A little preparation goes a long way. If you want help reviewing your security posture before the holiday season, contact TechNet New England for a security assessment.