It’s beginning to feel a lot like (Cybersecurity at) Christmas

Santa claus using a laptop sat down on the floor by a Christmas tree

You might be looking forward to Christmas this year. Sadly, so are the cybercriminals who are feeling positively festive about using your disrupted working conditions to steal your data.

Staff checking work systems through train station or airport Wi-Fi with bad security. Too many emails to properly check over the Christmas period. Fewer staff in the office.

There are a lot of opportunities in the way we sometimes work over December and January make them a rich feeding time for cybercriminals.

Here’s what to do if you’re worried about your cybersecurity this Christmas:

Why is Christmas a risky time for cybersecurity?

£13.5 million. That’s how much the National Fraud Intelligence Bureau has stated companies lose to online shopping fraud alone over the festive period every year.

Cybercrime is on the rise all over – especially ransomware and phishing attacks. The conditions around Christmas make it especially risky because of:

1) Staff working remotely

That train station or airport Wi-Fi is very unlikely to be secure. Even if they’re using your company’s VPN (Virtual Private Network), the increase in activity – and from random locations – is going to be stressing your security systems.

This year, with people starting to work from home because of the pandemic (again), the situation has only become more challenging for your team members in charge of monitoring the situation and inspecting all of the traffic.

2) Reduced staffing levels

Not only that, but you are bound to have more team members off at this time of year than almost any other few months together.

Those reduced staffing levels mean there are fewer people on watch on the cybersecurity front too. For some companies, this might even mean temporary staff being called in for cover, further endangering the security situation.

3) An overload of emails

Christmas party organisation chats. Seasonal special deals and offers. Receipts for their latest online shopping purchase of that final – definitely the last – last-minute Christmas present they forgot they needed to get.

Every member of your team – and you too, probably – will be battling a deluge of emails at this time of year. For a hacker, this is a golden hunting ground. Even if your team know how phishing emails work, the sheer number of faintly dodgy emails makes the situation much more fraught.

What to do about your cyber security this Christmas

There are a couple of pretty basic but vital things you need to do to maximise your cybersecurity this Christmas (and throughout the year):

1) Get some staff training

Most cyberattacks get through because of human error. Phishing attacks are probably the most common, so training your team in phishing awareness and other best practices – the need to always use secure Wi-Fi connections, for example – is vital.

If you’ve already given them training, the run-up to Christmas is the ideal time for a little refresher. You should also check the cybersecurity knowledge of any temporary or agency staff.

2) Update your software

Keeping your software up-to-date is cybersecurity 101. Having everything patched and updated to the latest standard ensures that the latest cybersecurity threats have been taken into account.

Updating leaves you with the best possible protection. Even if it’s annoying, it’s infinitely worth it.

3) Set up your backups

Make sure your back-ups are up and running. Then test them. Try testing a restore plan on a system to make sure it actually works and nothing is being left out.

4) Use multiple passwords

Using the same password for everything is a recipe for disaster. So is only using single-factor authentication like just a password. Don’t get us started on using an easy-to-remember password like a pet’s name plus a random number.

You want to make sure you have MFA (Multi-Factor Authentication) or at least 2FA (Two-Factor Authentication) set up. You also want to make sure your passwords are randomised and different for every account you have.

Don’t worry. No one can remember all those passwords. That’s why it’s best to use a password manager – LastPass is easy to use. These will even generate sufficiently strong passwords for you, leaving you nothing to do but luxuriate in your suddenly boosted cybersecurity levels (and remember your one master password).

Don’t give cybercriminals a gift this Christmas

Christmas might be a time of giving, but there’s no reason to extend your generosity to cybercriminals this year.

Be aware of the ways that the festive period can make your business more vulnerable to cyber threats and take at least these basic steps to ensure you’re doing what you can to keep yourself and your customers secure.

Need a little professional help with your company’s cybersecurity this Christmas?

Let’s chat. Dial A Geek already helps nearly 1000 businesses in and around Bristol make sure they are protected all year round.

Set up a commitment-free chat with Chief Geek Gildas Jones today and let’s talk through how we can keep your business safe.