The holidays increase your organization’s exposure to cyber risk:

Reduced staff — December is the month of cookies, hot chocolate, and half your workforce going on vacation. Interim employees, remote workers, and reduced staff across the board.

Email avalanche — The Holiday season makes for chaotic inboxes. Even if staff are aware of phishing and other scam tactics, attention inevitably wanders. Remember that 80% of attacks start with a phishing tactic and remain vigilant.

Remote work — As staffers read emails, print invoices, or follow-up on leads, you’ll be relying on your organization’s VPN. As VPN activity increases, your Security Operations Center gets flooded with traffic to inspect, and that translates to more false positives. Attackers can duck into this traffic jam to hide intrusion and other malicious activity.

“Free” Wi-Fi — Public Wi-Fi hotspots offered by hotels, train stations, cafés, libraries, and airports are an excellent entry point for attackers, so make sure employees are aware of the risks when travelling.


Cybersecurity Strategies for Christmas

You can implement a specific holiday security plan to reduce the effectiveness of attacks. This is not complex, but it is important to guard against any Scrooges eyeing your organization:

Provide a best practice checklist for employees: phishing, IT security procedures, Internet usage, and other key policies should be easy to understand.

Evaluate resilience by checking your workstation patches and your Active Directory configuration. Monitor your workstation status. To ensure your OS is updated, you may use a mix of GPOs and WSUS configuration.

Have multiple backups. It is not enough to check the “success” status of your backup jobs — it is critical to confirm that your backup files are resilient by testing a restore plan on specific systems.

Even after the Holidays, cyberattacks won’t be going away any time soon. They will grow and adapt to take advantage of increasing traffic and decreased resources inside businesses. It’s important to design security into your IT systems and workflows. Automating key recurring tasks is a quick win. Does your organization monitor traffic and network activity, audit your Active Directory’s security, and test your backups’ resilience regularly? Consider it a gift to yourself.

Call for peace of mind (248) 357 -3980