6 Steps to Keep Your Business Cyber Secure Over the Holidays

As we get closer to Christmas, businesses can expect to see a spike in cyber-attacks. Attackers are well aware that you may be busier than normal, rushing to hit end-of-year deadlines, and that staff may be either away or distracted.

IT Governance logged 134 security incidents in December 2020, resulting in over 148 million breached records. British firms hit by attacks included Transform Hospital Group, People’s Energy, Exmo and East Devon Council. Amid the chaos of the Holidays, December is a hard-hitting month for cyber-attacks, as shown by the attack that affected 300 SPAR stores this week. Only some of the stores were able to stay open, by switching to cash payments only.

The chaos of the Holidays creates broader opportunities for attackers to work their way into your business’s systems. There is no need to panic about cyber security in the run-up to Christmas, but there are some simple steps you can take to maintain your cyber security posture over the holidays.

 

Secure your payment systems

If e-commerce is part of your business, securing your payment systems in time for Christmas shopping is essential. Card skimming, where attackers intercept and copy the card details used at online checkouts, becomes increasingly popular around this time of year due to the increase in online shopping. The National Cyber Security Centre is advising businesses to update Magento to patch a vulnerability that attackers have used to steal customer card details from over 4,000 UK retailers. Whilst there is no sure fix for preventing card skimming attacks, there are a number of measures you can take to protect your customers' data:

- Choose third-party payment providers that are PCI DSS compliant.

- Verify the integrity of your provider, and contact them with any queries or concerns that you might have.

- Make sure to apply software updates as soon as possible.

 

Be Aware of Phishing

Phishing is an issue all year round; however, Christmas provides attackers with new approaches. The increase in online shopping allows attackers to send fraudulent emails claiming to be from delivery companies, with the aim of tricking users who are already panicking about gifts being delivered on time into either providing personal information or clicking a link that downloads malware. Royal Mail, DHL and Amazon are commonly imitated at this time of year. You should also keep an eye out for eCards sent from people you don’t recognise. Although it is most likely that your staff are already informed of the red flags to look out for, it is worth refreshing their memories at this time of year. Amongst the avalanche of festive emails, they may absent-mindedly fall for a scam.

 

Plan for Reduced Support

You should prepare for key members of IT staff to be away on annual leave over the holidays, whether you have an in-house IT department or you use a third-party provider. Reduced numbers mean staff who are already pushed for time have more work to cover, and consistently monitoring your systems could become more difficult. This goes for internal and external teams. Attackers know that depleted teams could mean a decrease in monitoring, meaning their presence on your systems might go undetected. Make sure your IT team or third-party provider is briefed on who is responsible for what, to avoid any confusion in a crisis. You can assist the remaining team by covering the basics and decreasing the amount of low-hanging fruit available to attackers. This includes keeping up with software updates, implementing MFA where possible and maintaining strong passwords.

 

Implement a Change Freeze

You can also help out your IT team or provider by implementing a change freeze in the run-up to Christmas to reduce the vulnerabilities available to attackers. Significant changes to business operations could create holes in your cyber security strategy. Where possible, save any business restructuring or implementation of new technologies for the new year rather than rushing to make changes before the Holidays.

 

Remind Your Distracted Staff About Cyber Security

Your employees may understandably be distracted in the run-up to Christmas. Balancing the rush to meet deadlines, attending Christmas events and making sure shopping is done on time means that staff are likely to value business functionality over security at this time of year. When your staff are rushing around, mistakes could happen, and attackers are hoping that busy employees will miss common red flags. Although it’s information they’ve probably heard before, this is a good time of year to remind individuals to look out for phishing emails, use strong passwords and update their software when new versions become available. Warn staff to be careful about using Christmas desktop backgrounds. Last year there was a growth in Christmas desktop bundles that concealed malware. Employees should never download zip files from an unidentified supplier.

 

Identify Who Your Emergency Contacts Are

Before you wind down for the Holidays, make sure that you let the necessary people know that they need to be accessible during an emergency. It’s important to make sure that you have access to updated contact information for any staff members or providers that you might need. Be aware you may need to adapt your plan if staff are going to be travelling abroad and may not be contactable. You should also identify the responsibilities that lie with each individual, and what tasks can be delegated if you're unable to reach a specific individual during a crisis. Key staff that should be contactable over the Holidays include your senior management team and your incident response team. The staff that make up these teams should be provided with current building codes and relevant passwords. It is also a good idea to make sure that your disaster recovery and business continuity plans are up to date so that they are ready to use. Plans that were designed for previous systems and devices will cause confusion, and this could hinder the recovery process.

 

Have a Happy and Secure Holidays

These steps will help to maintain your cyber security posture over the Holidays so that you can relax and enjoy a few days off. If you do have any concerns or run into a problem, please contact Wolfberry for help and advice.

Happy Holidays!

 

For further information on last December's breaches, please see the following IT Governance blog: List of data breaches and cyber attacks in December 2020 (itgovernance.co.uk)
