Businesses must Beware the Cyber Grinch this Christmas
Last updated December 2023
As the festive season approaches, it’s crucial for SMEs across the UK and Ireland to turn their attention to a less cheerful, but critically important aspect of the holiday season – the notable increase in cybercrime. This time of year, with its significant spike in online transactions and communications, presents a golden opportunity for cybercriminals.
To put it in perspective, a 2022 survey by the UK’s Labour Party revealed that online fraud, or cybercrime, was expected to cause users to lose around £80 million over a period of 10-15 days during Christmas 2022. In Ireland, meanwhile, CWSI reported that 54% of Irish companies experienced a rise in cybersecurity breach attempts over the last year.
Here are some helpful tips to ensure those cyber grinches don’t wreak havoc on your organisation this Christmas.
Invest in employee cyber awareness training
In the fight against these digital threats, your employees play a pivotal role. They can either be your first line of defence or your weakest link.
2022 research shows that seven in 10 employees shop online while at work. Not only can this negatively impact productivity, but it also exposes your business to
The holiday season poses unique challenges: seven in 10 employees, often caught up in the festive spirit, have admitted to indulging in online shopping during work hours, using company devices or networks. This behaviour significantly increases the risk of encountering malicious websites or falling prey to sophisticated phishing scams.
Moreover, as the year winds down, employees are likely to be distracted, rushing to meet end-of-year deadlines or preparing for the holiday break. This haste can lead to lapses in usual security practices, such as not scrutinising emails carefully, which could make them more susceptible to deceptive cyber-attacks.
To counter these risks, cyber awareness training is crucial. In response to growing customer demand, we recently launched a dedicated employee cyber awareness training workshop, equipping businesses and their teams with the knowledge to identify and thwart cyber attacks, placing particular emphasis on identifying phishing emails and secure online practices.
Review your strong password policies
If you haven’t done it in a while, now would be a good time to review and reinforce strong password policies. This involves not just setting rules for creating complex passwords but also ensuring these passwords are changed frequently. Complex passwords typically combine letters, numbers, and special characters, and are not easily guessed.
Multi-factor authentication (MFA) is something we should all be familiar with by now. By requiring a second form of identification beyond just a password, MFA significantly decreases the chance of unauthorised access. This could be a text message code, a biometric verification, or a token.
Equally important is educating employees on the use of password management tools, which is why it’s included in our cyber awareness training. These tools store and organise passwords securely, reducing the risk of password-related breaches.
Use secure Wi-Fi protocols and VPN
With many companies still operating remote and hybrid working policies, unsecured Wi-Fi networks pose significant risks, especially for employees who might connect to public networks in cafes or hotels. These networks are vulnerable to eavesdropping and hacking, as they often lack strong encryption, allowing cybercriminals to intercept data. To mitigate these risks, using secure Wi-Fi protocols and Virtual Private Networks (VPNs) is crucial. VPNs encrypt internet traffic, ensuring data remains confidential and secure from potential interception. Emphasising the use of VPNs and secure connections for remote workers is key to safeguarding sensitive company data from cyber threats.
Update software and patch management
Cybercriminals often exploit known vulnerabilities, particularly targeting busy periods like Christmas, when they expect security vigilance to wane. Ensuring that all systems and software are up to date with the latest security patches can close these vulnerabilities. A comprehensive patch management strategy, therefore, is essential not just for maintaining day-to-day security but also for fortifying defences during the high-risk festive period.
Check your antivirus, firewalls, and secure backups
Important throughout the year, antivirus software plays a critical role in detecting and neutralising holiday-themed malware and phishing attempts. Firewalls act as vigilant gatekeepers, preventing unauthorised access, which is especially important when festive online traffic increases. Secure backup systems are indispensable for data recovery, providing a safety net against the heightened risk of cyber-attacks during this busy period. Together, these tools create a fortified defence, ensuring your business remains secure and resilient amidst the festive season’s cyber threats.
Comprehensive incident response plans
Despite our best efforts, no system is impervious, and the risk of a breach remains, especially during Christmas, so businesses must prepare for that possibility. This includes having incident response plans and continuously monitoring for unusual activity. Planning for these risks ensures businesses remain resilient and can swiftly respond, even if a hacker manages to penetrate their defences during the festive season.
As we wrap up (pun intended), remember that the festive season, while a time of joy and celebration, also brings an increased risk of cybercrime. But with the right measures in place, your organisation can stay protected. This way, your business is not only prepared to celebrate the season but also to defend against any cyber grinches looking to disrupt your festive cheer. Stay vigilant, stay informed, and have a safe and secure holiday season.