The Christmas holidays are fast approaching, businesses alike are winding down and set out for a relaxing end to the year. However, one group of people are starting to pick up the pace, keen to work throughout the holidays and exploit what they have to offer. Cybercriminals across the world are gearing up as the Christmas period is a ‘feasting threat “period, according to security experts.
Cybercriminals consider the holidays to be a successful period to concentrate on their activities. It’s crucial for internet users to consider the risks related to online shopping and avoid behaviours that could reveal them to fraud.
Cyber security always matters – and Christmas is no different from any other part of the year. For most of us, the festive period means spending some time at home with our families, eating copious amounts of chocolate, having a few beers or glasses of wine, and generally just kicking back with our feet up. But for criminals, it’s an opportunity. All those empty offices and unattended computers are gifts just waiting to be unwrapped.
Even before Christmas starts, businesses are vulnerable. As staff become distracted by annual deadlines, office parties, their Christmas preparations and so on, they’re more likely to make mistakes. In their haste, they might, for example, open a link in an email that they would normally have checked. Before you know it, you can end up with a nasty malware problem.
Cyber dangers during the Christmas holidays
During the holidays there are environmental circumstances that could further expose Internet users to the risk of cybercrime.
Be aware of holiday phishing, especially on mobile devices. During that period, the number of malicious emails that serve malware as an attachment or that contains links to compromised websites increases. Mobile platforms and social media are becoming a privileged channels to spread phishing messages. Phishing messages propose special offers, taking advantage of the holiday period that’s characterized by a spike in online shopping.
Wi-Fi hotspots are dangerous hunting grounds for hackers. Users aren’t aware of the risks they are exposed to once they’re connected to insecure networks. Doing online shopping on these insecure Wi-Fi hotspots can ultimately expose user accounts to identity thieves and scams. Be aware, antivirus and similar software won’t shield you on an open network, hackers are over your shoulders.
Remote Working Isolates Your Employees
The shift to home working was very much sprung onto us earlier in the year, meaning organizations who weren’t already prepared had very little time to do so. Since then, organizations have had more time to adapt working practices and logistics to make remote working a more effective and comfortable task for their employees.
What cannot be controlled however is the fact that remote working isolates your employees, meaning that your organization relies on their individual skills and experience in identifying suspicious e-mails, websites, and phone calls. Without a good level of security awareness across the workforce, organizations are much more susceptible to suffering a breach.
Security Awareness Training and Testing provides comprehensive, online training to all employees and keeps you updated with those who are interacting with simulated phishing attacks. Additional support is provided to those who need it, meaning that your entire workforce shares a high level of awareness and vigilance towards cybercrime
Online Shopping Threats
One of the main reasons cybercrime rates increase around the festive period is due to the surge in online shopping. Traditions such as ‘Black Friday’, ‘Cyber Monday’ and Christmas shopping are flipped every year by cybercriminals to create believable attacks centred around false or declined payments, refunds, and special offers to trick people into revealing payment card details and other sensitive information.
‘Panic’ Clicking
In difficult times such as these, it is much more likely for people to be ‘panicked’ into clicking links or taking action on the back of a suspicious e-mail, phone call or request. This is especially the case when attacks are focused around the pandemic. Cybercriminals know what gets people clicking, and under current circumstances, this includes false developments in vaccine trials, new restrictions or government guidelines for the local area, or in a business sense, false orders of high value.
This particular attack is the most dangerous to your organization. False order or invoice attacks have been around for years and now hold much more weight due to the economic impacts of the pandemic. Receiving an e-mail out of the blue for a high-value order of your products or services can sometimes be too good to be true and should be treated very carefully for electronic security purposes.
Why is cyber security important for your business?
Reduced staff
December is the month of cookies, chocolate, and half your workforce going on vacation. That means thicker waistlines and thinner lines of defence as you juggle interim employees and reduced staff across the board.
Email avalanche
December and January result in a chaotic inbox cocktail: Christmas promotions, New Year wishes, (virtual) party invitations, online purchase receipts. Phishers know the situation well and will cloak themselves in the email avalanche. Even if staff are aware of phishing and other scam tactics, attention inevitably wanders.
How to stay safe online during the holidays?
Law enforcement and numerous organizations are sending alerts to internet users, cautioning them about cyber threats that are particularly serious during the holidays. Bad habits, absence of defence mechanisms, and a lack of awareness of major cyber threats expose users to the risks of fraud.
The following are a few suggestions to help increase the level of security of users’ online experiences, especially during holiday shopping:
- Keep anti-virus software up to date: Before you start shopping, make sure all software on your computer is up to date, including your browser, the security updates recommended by your operating system and other apps you may use. Make sure your tablets, phones and any other devices you use have appropriate security software and the latest operating system updates on them also.
- Check your bank statements and be careful when using debit cards. Be extra diligent when checking your bank and credit card statements and report any foreign transactions promptly.
- Don’t download apps for your mobile device from unrecognized sources. Always use official app stores such as the Apple App Store, Google Play and the Amazon App Store.
Have Cyber security strategies for Christmas office security
You can implement a specific Christmas security plan to reduce the effectiveness of attacks. This is not complex, but it is important to guard against any Scrooges eyeing your organization:
- Provide a best practice checklist for salaried and interim employees alike: phishing, IT security procedures, internet usage, etc. must be crystal clear.
- Evaluate resilience by checking your workstation patches and your Active Directory configuration. You may use a specific solution and ensure to have OS updated.
- Have backups. It is not enough to check the “success” status of your backup jobs – you must confirm that your backup files are resilient by testing a restore plan on specific systems.
Our Take
As we enter the festive period, we highly recommend that you consider corporate cyber security training for your staff if you have not already. Training employees and keeping them vigilant towards cybercrime is the best way to protect your organization and stop security incidents from happening and raise trust in office security.
At MA Services Group, we’ve been in the security industry for over 10 years in Australia. As well as providing physical security for events, businesses and individuals, we also provide security evaluations and risk assessments for businesses If you’d like to see what more can be done to protect your business from physical crime and cybercrime then contact us on 1300 02 04 06 today before it’s too late.
