In the US, senior Biden administration officials released a warning reminding businesses to be on high-alert regarding cyber attacks during the holiday season. Major enterprises received a letter from the national security advisor for Cyber and Emerging Technology, Anne Neuberger, and National Cyber Director Chris Inglis, which spelled out the need for cyber vigilance.

Historically, hackers have targeted companies during holidays. For example, this past Fourth of July weekend, hackers struck Kaseya with an attack that paralyzed tech firms, and that led to deluge of downstream effects for dentists offices, restaurants and other small businesses.

In addition, recent events have illuminated the extreme risk that many businesses face due to the fragility of digital infrastructure.

The tips in this article can help your organization’s employees and clients enjoy a stress-free, attack-free holiday season.

Why hackers love holidays

Hackers love holidays because a certain percentage of employees are inevitably distracted or out of office, meaning that there may or may not be the usual number of eyes watching systems. This opens up exciting windows of opportunity for hackers.

7 best holiday breach prevention tips 

This series of recommendations was assembled by authoritative cyber security leaders in the field. 

Update patching. Cyber criminals plan around the fact that organizations commonly fail to patch well-known, easily fixable vulnerabilities. Ensure that your organization’s patching remains up-to-date in relation to all known vulnerabilities.

Schedule management. Examine staffing plans for IT and security teams. Ensure that holiday coverage is sufficient. In addition, create awareness around which employees are on-call 24/7 in the event of a cyber emergency. When it comes to remediating attacks, minutes count. Delays in response can worsen consequences for enterprises. Maintain a list of valid contact information for appropriate persons, and an outreach plan that accommodates lack of access to corporate resources.

Employee awareness. Is your human firewall strong enough? Test employees with spear phishing simulation emails and provide informational material pertaining to common forms of cyber attack. Reinforce the imperative to report suspicious online behaviors to IT or security teams.

Network security. Allow logs, pay attention and investigate suspicious activity promptly. Expedient identification of threats can improve outcomes.

Strong passwords and mandatory multi-factor authentication. Place an inquiry to your IT staff regarding the duration of time that’s lapsed since employees were last required to change their passwords. Cyber criminals often operate with stolen credentials. Requesting a credentials reset and mandatory multi-factor authentication can prevent hackers from accessing systems.

Run through cyber drills. All organizations conduct fire drills as a means of preparing for emergencies. Similarly, organizations may wish to consider routine cyber drills to ensure that everyone knows how to respond in the event of a cyber conflagration. Initiating rigorous security stress tests leaves you with the latitude to improve systems and processes, should they appear imperfect.

Backup your data. Determine which data requires backing up. Consider automating backups. A backup solution that automatically and routinely writes critical data and system configurations to backup locations can help your organization recover quickly from a cyber attack. Keep at least one copy offline.

“Many attacks succeed simply because the organizational back-up strategy is incomplete or permits criminals access to the backed-up information,” stated a White House memo.

In summary

Proactively adopting prevention and defense strategies ahead of the holidays can help your organization get a jump on business in the new year; no slowdowns due to cyber situations. For timely insights into building a 2022 cyber security roadmap, see this Cyber Talk article.

Lastly, to learn more about pressing issues in the cyber world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.