Why Hackers Love the Holidays
The holidays are a time of merriment and fun around the office and hackers love to take advantage of this. They are counting on companies to let their guard down when they are celebrating or are out of the office for extended periods of time. Hackers love the holidays and one of the most common attacks a business will see around the holidays are from ransomware. According to Forbes, 63% of respondents to a ransomware survey were victims of an attack over the last year. According to IBM, the average cost of a ransomware attack can cost up to $4.62 million.
The upcoming holidays are going to be a challenge this year because of reduced network supervision. Companies are already going through labor shortages and many employees request paid time off during the holidays. This means there will be fewer hands on deck to combat cyber threats. The employees that are working are often spread too thin and do not have the time or resources to respond to threats. The bottom line is that if businesses want to stay safe around the holidays, they need to be proactive in protection before the holidays come.
Read on to learn why hackers love the holidays.
Your company has not patched all of the critical vulnerabilities in its infrastructure.
Ransomware is considered to be a cyber hygiene problem. The threat actors associated with ransomware attacks are more probable to seek out a company that is more likely to pay and suffers from issues like unpatched vulnerabilities which makes them very easy targets.
Hackers know that there will be a backlog of patching to do around the holidays because staff will be out of the office and not able to take care of it all. Patching can also be an overwhelming task for many internal IT staff. This is why hiring a managed service provider is a wise choice and can eliminate the need for internal vulnerability patching. It is done by the MSP offsite.
Your employees are not paying attention to potential cyber threats.
Everyone is distracted by the hustle and bustle of the holidays and that can open a window of opportunity for hackers. A common ransomware email scam is that the hacker will send an email with a headline that reads happy holidays or something similar with a malicious link in it.
Another common scam around the holidays is that the threat actor or hacker will send an email that entices the user with a seasonal discount offer. If the user clicks these links while using the company hardware and network, they are likely to infect all the company’s infrastructure with malware or lock it down with ransomware. Before the rush of the holidays hits, be sure your employees are up to date with cybersecurity awareness training to prevent incidences like this.
Cyber criminals use the holidays to attack customers as well.
Over the past decade there has been a significant increase in online shopping and with that comes the risk of data breaches, identity theft, and ransomware attacks. Even if your business is not in the retail sector, there is still the chance that your customers can fall victim to a cyber-attack especially if you are hacked and send spoofed emails.
Spoofing is a form of fraud that involves a hacker writing an email that appears to be from your company’s domain name that includes a link to a malicious website or link to download ransomware. You can prevent this by using a secure email set up and also doing the following.
• Do not use the same password for the multiple company email accounts.
• Use a strong and hard to guess password.
• Change your password regularly.
• Enable multi factor authentication on your company email accounts.
On the other hand, employees who are using internal hardware to do online shopping can also put the company at risk. In the excitement of online shopping, they may absentmindedly click a malicious link and infect the device they’re using with malware or ransomware.
Employees may also want to open their personal email to look at shipping information for their purchases. The content contained in personal email boxes is usually not filtered for malicious content and the attachments contained within may give hackers access to the corporate network.
Employees who are working remotely for the holidays run the risk of cyber-attacks.
Even when a company’s employees are off for the holiday, they may still want to check in and do some work remotely. In fact, over 55% of employees are predicted to work remotely during holiday breaks and travel. Remote work has become a business staple since the pandemic started but just because employees are working out of the office does not mean the risk of cyber-attacks will lessen.
Good cybersecurity awareness training for employees who work remotely will help. The two biggest cyber related risks to employees who are working remotely are utilizing unsecured Wi-Fi and falling victim to phishing scams. You can help employees mitigate these risks by implementing the mandatory usage of a VPN (virtual private network) and having a thorough remote work security policy. Check out our other article on remote VPN usage here. We will also be covering how to write a remote work cybersecurity policy later on this month for our holiday-related managed IT campaign. This campaign will help educate our customers on security tips and making the transition to managed IT in 2023.
Hackers love the holidays but they hate managed service providers.
Tekscape is committed to providing proactive, responsive, and timely managed IT services support for our clients. We start with our comprehensive new client onboarding process designed to get your business up-and-running on our monitoring and management tools with as little disruption as possible. For over 15 years, we have successfully onboarded simple and complex IT infrastructure supporting multiple users including:
• Servers and Systems
• Collaboration (Phone, Video)
• Desktop, Email and Endpoints
• Microsoft Office 365 & Azure
• Security & Disaster Recovery
If you have noticed of any of the signs that your IT infrastructure needs an upgrade, please do not hesitate to reach out to us.