Don’t let the Grinch Steal your Christmas, follow our 10 Tips to keep your organisation safe during the festive period!
Cybercriminals don’t take a holiday. With the festive period fast approaching, most people are thinking about how they will be enjoying the holiday time with their families. The Christmas period tends to also bring greater cybersecurity risks to businesses as many are closed or are operating with a skeletal crew. Unsupervised IT networks and systems during the holidays provide a great opportunity for cybercriminals to attack.
“In the last twelve months 39% of businesses and 26% of charities report having suffered cybersecurity breaches or attacks.”
www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021
Unfortunately, opportunists spend their Christmas attempting to breach data and jeopardise organisations – so we have come up with ten top tips to stay safe and prevent this from happening to your business.
Tip 1 – Staff Training Refresher
Employees can be distracted during the holidays so it’s a good time to refresh staff training. Ensure all of your staff are educated and fully aware of the potential threats and know how to recognise basic attacks. This can help employees recognise and avoid clicking on suspicious links that they may receive in an attachment from an email or message. Often during the holiday season these can also be disguised as E Christmas Cards or that last minute help request email to “help the CEO to pay a forgotten invoice”. Before you know it, you can end up with a nasty malware problem or have even transferred funds to a hacker.
Tip 2 – Look out for Phishing Emails
Phishing attackers disguise themselves as a reputable person in an email. Emails are sent that contain malicious links or attachments, with the aim of extracting login credentials and account information. This threat exists all year round but is more common during the holiday season as employees are also more likely to visit shopping sites while connected to their company network.
Tip 3 – Report Phishing Emails
If you do receive a suspicious email or text message report them. Send them to the Suspicious Email Reporting Service: report@phishing.gov.uk and forward any suspicious text messages to 7726, this will help to combat cybercrime.
Tip 4 – Email Encryption and Security
Ensure your emails are fully protected. Email encryption is the industry standard for data protection. Whether you are sharing a document with colleagues such as payslips or negotiating a confidential client deal, it’s essential to use the best email encryption available to ensure you are safeguarded.
As our email accounts are one of our most important digital assets, we cannot depend on the bare minimum-security controls to keep them protected. Email continues to be the number one cyber-attack vector across the globe (especially during the festive period), businesses need to be strengthening their email security measures to prevent the risk of being compromised. Cloud Email Security can prevent malicious emails reaching employees.
Tip 5 – Use Multi-Factor Authentication
When it comes to password policies, employees all too often use pet names, their date of birth, or family names. We recommend using multi-factor authentication wherever possible, it gives that additional layer of security. Multi-factor authentication will enhance your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-timecode sent to your phone or mobile device.
Tip 6 – Keep Software Updated
With employees slowly winding down for the holidays, it’s easy to forget to update your systems with the latest software. However, it’s critical that you always maintain the latest versions of your operating systems, as using an outdated version can lead to security risks. Cyber-criminals can spot open vulnerabilities, in fact, with your devices updated and patched you are less likely to be affected by a cyber-attack, as around 70% of cyber-attacks exploit known vulnerabilities.
An updated or patched server or PC is less susceptible to malware and other viruses, so it’s key to have a patch management strategy in place, so your devices are always updated, stable and secure.
Tip 7 – Back up your Data
Many businesses think a cyber-attack “won’t happen to me” , however Cyber-attacks are on the increase and organisations are more vulnerable during the holiday period. A recent report by the Institute of Directors (IoD) revealed that 56% of businesses wouldn’t be able to survive a cyber-attack.
If you lost your critical data, what would you do? If you do not have backup, chances are it would destroy your business! Having a good disaster recovery and backup strategy is strongly recommended to help your business potentially survive a cyber-attack.
Tip 8 – Review Mobile Device Policies
If your staff work on the move or are planning to work remotely over the festive period, devices such as laptops should be encrypted, and policies should be in place to protect critical company data. This gives you peace of mind that you have control over corporate information.
Tip 9 – BOYD Policy
Since the pandemic, many companies were forced to allow the use of personal devices for business use. However, in order to reduce the risk of data loss, device compromise or a network breach, your company needs to establish an effective BYOD security protocol. This should involve mandating software is up to date, installing security controls and encrypting data. For more detailed advice read this article by the National Cyber Security Centre on updated NCSC guidance on enabling your staff to use their own devices for work
Tip 10 – Time to Plan
With many other businesses out of the office over Christmas, it can be a quiet period. Take advantage of the lull and use this free time to start planning for the year ahead. Start looking at areas of your business that could be improved – need a better network? More data storage? Better cyber security protection? Do you have a Cyber Security Playbook? Create a to-do list for the year ahead and plan for 2022.
