Cyber criminals never take a day off. And during the holiday season, employees can be distracted, letting their guard down and forgetting their security training. This time of year, even IT-security teams can get careless about credentials, more prone to falling for phishing attacks, and somewhat lax about monitoring their networks for anomalies.
The following are some of the risks posed to companies during the holidays:
Company Equipment Usage
- Employees will often use company workstations and phones to shop online around the holiday season. This puts the company in danger of being spoofed, phished, or hacked—all of which can lead to a data breach.
- Individual and corporate credit-card information is stolen at a higher rate during the holidays, as most people are not shopping over secure URL links.
Increased Social Engineering Attacks
- Cyber criminals increase their phishing campaigns during the holiday season, and employees often forget what they’ve learned during their annual training. These phishing campaigns will often center on the latest gadget or toy, hoping to lure last-minute shoppers into the trap.
- Fraudulent URLs posing as Amazon, Sony, Xbox, etc., are dangled as bait during the holiday season.
- Deceptive URLs can install keyloggers, allowing an attacker to gather vital information such as credentials and credit-card information.
- Vishing and spear phishing often increase during this time, as well. All suspicious calls and emails should be reported.
Holiday Party Virtual Invites & Registries
- Virtual invitations to holiday parties and party gift registries are often spoofed and hacked, allowing attackers to steal identities and use them for phishing campaigns. Registries can also be used to find specific employees, either to stalk them or to steal their identities.
IT/Security Team
- During this time of year, IT-security teams often fail to pay full attention to their network traffic, not realizing they’ve been hacked until it’s too late. Security updates and patches that come out during this time of year are often not installed until after the holidays, which allows attackers to exploit vulnerabilities and gain access to a network and its data—resulting in DDoS and Ransomware attacks.
It is critical for all employees to pay attention to cybersecurity threats throughout the year, as cyber criminals lie in wait to take advantage of any mistake. But companies should conduct cyber-awareness training just before the holiday season begins so that these vulnerabilities are fresh in everyone’s mind when the threat is greatest.
With an increase in social-engineering attacks, spoofing, and identity theft, IT personnel must stay vigilant and maintain their security postures. Cybersecurity teams should ensure that their infrastructure is protected through up-to-date security patches, vulnerability scans, and penetration testing. These will allow them to find any vulnerabilities that exist and mitigate them before a breach occurs.
Think before you click, report all suspicious emails and phone calls, and confirm that a web site is secure before making an online purchase. Enjoy the holiday season, and STAY VILIGENT!
If your business needs IT consulting and services near Winchester VA, call the experts at Netmaker Solutions. We work with the United States Department of Defense, United States Navy, and various commercial Lead Systems Integrators and would love the chance to serve your business.