For businesses, the holidays offer an important high point in revenue and customer engagement. Charities and nonprofits experience increased giving, often facilitated by a number of annual drives and events. For businesses and charities in the United States, the traditional start of the season is Black Friday, though many groups have had ‘soft’ starts preceding Thanksgiving. This time is as hectic as it is joyful, with daily operations complicated by time-off requests, variable holiday hours, and increased demand.
To accommodate increased fiscal pressures on consumers in 2022, organizations like Tesco are lengthening their ‘Holiday’ season to allow for a slower accumulation of Christmas gifts and food. Meanwhile, Sainsbury’s is assuming that smaller grocery bills will mean any discretionary spending will be spread out to limit shocks to smaller consumer budgets. In the United States, many consumers admitted they started Christmas shopping in October for a myriad of reasons, including inflation-driven fear of price increases and supply chain shipping issues. A recent Accenture survey in England showed two-thirds of British adults are planning on cutting back on spending, with estimations that the holidays will be more focused at home. Customers and clients in different countries will have varying levels of economic pressure, but seem intent on still celebrating, even if in a different manner than would have been assumed pre-2020.
Holiday Data Protection
Unfortunately, cyber criminals thrive when things are unsettled, so it is imperative that data protection remains a priority. With all the normal holiday chaos, as well as a turbulent global economy beset by geopolitical tension, digital asset protection is a must. Organizations should consider the data they steward and shore up their digital defense for both themselves and their customers! Check out these cybersecurity tips and prepare your organization for the season:
Encrypt Information
In a season with increased online engagement, it is crucial that customer and client data is encrypted both at rest (while it is stored) and in transit (while it is being transported). The holidays impact non-commercial and non-charity enterprises as well, since cyber criminals use busy periods to gain access to systems. Best practice suggests that all data be encrypted all the time, not just during the holidays, but if an organization has not taken that step, there is no time like the present to strengthen one’s defensive posture. Invest in encrypted email services and implement software solutions like DriveStrike to manage fleet encryption across the globe.
Prepare for Threats
Ransomware attacks tend to increase during the holidays, as the chaotic nature and increased traffic of the season provide ample opportunity for human error. Sophisticated email or SMS-based attacks have higher potential for success, as distracted staff and hurrying clients can easily click a malicious link. Additionally, increased levels of website traffic due to the holiday can make it difficult for IT teams to locate abnormal patterns that might signal a distributed denial-of-service (DDoS) attack. The prevalence of these attacks makes holiday data protection an issue of vital importance.
To defend against seasonal attacks, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) suggest Threat Hunting, a strategy to proactively find and prevent threat actor activity. Introducing a methodical plan that includes monitoring activity, locations, and strange traffic patterns can help organizations find attackers before they can cause damage. The faster threats are located, the faster they can be eradicated; vigilance is the backbone of a good defensive posture.
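The following is an added example, not code from the original post or from CISA/FBI guidance. It sketches one hunting check for the problem described above: a holiday surge and a flood both raise request volume, so the check compares the shape of traffic (requests per client, share of hits on one path) against a baseline. The record format, the `factor` threshold, and all sample traffic are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

PATHS = ["/", "/cart", "/product", "/checkout"]

def minute_features(records):
    """records: (minute, client_ip, path) tuples -> {minute: feature dict}."""
    by_minute = defaultdict(list)
    for minute, ip, path in records:
        by_minute[minute].append((ip, path))
    feats = {}
    for minute, rows in by_minute.items():
        clients = {ip for ip, _ in rows}
        top_hits = Counter(path for _, path in rows).most_common(1)[0][1]
        feats[minute] = {
            "volume": len(rows),
            "per_client": len(rows) / len(clients),
            "top_path_share": top_hits / len(rows),
        }
    return feats

def hunt(baseline, current, factor=3.0):
    """Flag minutes whose shape, not size, departs from the baseline medians."""
    base = list(minute_features(baseline).values())
    med = {k: median(f[k] for f in base)
           for k in ("volume", "per_client", "top_path_share")}
    report = {}
    for minute, f in minute_features(current).items():
        ratios = {k: round(f[k] / med[k], 2) for k in med}
        # Volume alone is ignored: seasonal demand legitimately multiplies it.
        suspicious = (ratios["per_client"] >= factor
                      and ratios["top_path_share"] >= factor)
        report[minute] = {"ratios": ratios, "suspicious": suspicious}
    return report

def shoppers(minute, n_clients, reqs_each):
    # Constructed sample traffic: each client browses a few different pages.
    return [(minute, f"10.0.0.{c}", PATHS[(c + r) % 4])
            for c in range(n_clients) for r in range(reqs_each)]

# Constructed data: ten ordinary minutes, then a holiday surge and a flood.
BASELINE = [row for m, n in enumerate([3, 2, 3, 4, 3, 3, 2, 4, 3, 3])
            for row in shoppers(m, 20, n)]
SURGE = shoppers(100, 100, 3)            # 5x the usual volume, same shape
FLOOD = shoppers(101, 100, 3) + [(101, f"198.51.100.{c}", "/checkout")
                                 for c in range(40) for _ in range(50)]

if __name__ == "__main__":
    for minute, result in hunt(BASELINE, SURGE + FLOOD).items():
        print(minute, result)
```

In practice the baseline would come from the same hours on comparable days, and a flagged minute is a lead to investigate under the Incident Response Plan, not a verdict.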
If any oddities are noticed, address the concern as outlined in your organization’s Incident Response Plan, erring on the side of caution. Check if the data is available on the dark web, and change passwords for any impacted accounts.
Be Careful With Funds
Depending on the industry, an organization may be taking in larger-than-normal amounts of donations or revenue. Keep up to date with invoices, and keep a close eye on bank statements for suspicious activity. Notify pertinent financial institutions and law enforcement if any fraudulent charges appear at any point. In the case of some small businesses, utilizing a digital wallet to limit risk to a bank account may be an option to provide an additional layer of security for the organization’s financial data.
Update Software and Digital Spaces
Any website downtime is time when a company cannot do business through its site, so take action to prepare online spaces for the season. In the modern world, website health is key to avoiding lost revenue and data, so shore up all online defenses. Organizations should ensure that their online presence does not have vulnerabilities that could make it easy for bad actors to redirect traffic to bogus websites or create spoof emails to phish information from customers or staff. Confirm that your plug-ins and website firewalls are up to date and secure. If a website experiences a ransomware attack, or goes down due to immense amounts of web traffic in a DDoS attack, the organization will lose business and potentially credibility. Segment company systems as much as possible to protect against network-based attacks.
Update the software on company devices and ensure that anti-malware programs are working properly. Verify that devices regularly handling company, client, and customer data are on the company’s secured network or Wi-Fi. Remote or traveling employees should always use a secure connection, such as a Virtual Private Network (VPN). Ensure that devices that access an organization’s network have endpoint protection that is capable of Locating, Locking, and Remotely Wiping data in the event that a phone or laptop is misplaced during holiday travel.
Train Your Staff
Employee training is essential to every company’s cybersecurity strategy. First, review data protection policies such as the Mobile Device Management protocols and Incident Response Plan. In some situations, an update may be necessary to reflect best practices and new threats. If not already in place, consider implementing a policy that separates work and personal device usage. When attackers target employees shopping on work devices, one click could compromise company data; a separate device policy can mitigate this risk.
Offer a brief refresher to staff, discussing the overall cybersecurity strategy with employees and reviewing steps each employee should take in the event of suspicious online activity or a potential breach.
Cover topics such as:
- Phishing
- Password hygiene
- Implementation of multi-factor authentication
- Malware threats
While scheduling between multiple holidays can be complicated, verify there will be IT staffing for the entire season. Threats do not always crop up during work hours on weekdays, and in data breach scenarios every second counts. Arrange an on-call system if IT is in-house, or verify with your IT subcontractor what coverage looks like through the New Year to ensure optimal protection. Ultimately, all the policies in the world do nothing if staff is unaware of them or does not understand the importance of data protection. A practical discussion of these topics can help mitigate this risk for the company as well as clients and customers.
Conclusions
The holidays are a time of excitement, family, friends, and celebrations, but cybercrime and data leaks can put a damper on even the most festive spirit. Organizations can protect themselves, their customers, and their clients by taking steps to mitigate risks and monitor potential threats. With data protection emphasized in this way, it can truly be the most wonderful time of the year!
About DriveStrike
DriveStrike is an all-in-one endpoint security solution that integrates Remote Locate, Lock, and Wipe services with Encryption management in one secure online console. Begin defending your data today with mass deployment options for phones, tablets, and computers on any operating system. Start your 30 Day Free Trial and begin protecting data today with DriveStrike!