While this year's biggest deals may be the talk of the town, our team at SeedSpark is focusing on a different kind of "Cyber Monday". The National Retail Federation is forecasting a record-breaking year for holiday shopping with an estimated $850 billion in revenue - a ~10% increase as compared to 2020. Whether it's snagging a limited-time deal or digitally picking up some last-minute gifts during their lunch break, it's safe to say that employees are going to spend time this year checking off their shopping list at the office. In fact, a 2018 study found that Americans spend nearly two hours per day shopping online on company time.
Lost productivity aside, online shopping is creating another cybersecurity risk to add to a growing list of vulnerabilities that companies should keep in mind throughout the holiday season. Before you head home for the holidays, here are a few of the biggest risks that you should handle to protect your data and prevent a security disaster.
Identify Holiday Phishing Attacks
From text messages and emails to phone calls and even MFA confirmation messages, social engineering continues to be one of the core ways that bad actors trick users into sharing their information. While phishing attacks are a threat throughout the year, the strategy changes during the holidays to try to trick users who may be shopping online or expecting packages.
With so many people ordering online, confirmation emails and text messages claiming to be UPS or FedEx with tracking codes are often malicious messages with links to sites that could install malware onto your system, trick you into sharing your personal login information, or both. Holiday sales also present an opportunity, giving attackers the opportunity to throw together a fake offer or ad claiming to have the best deals of the season. Without a keen eye, this type of attack could trick users into clicking on a malicious link that infects your entire company network.
While security software is a fundamental part of anyone's cybersecurity stack, the most important step that anyone can take to combat social engineering attacks is to understand the latest strategies and what to look for. Even if a malicious message makes its way to your inbox, knowing how to tell the difference between legitimate emails and scams makes all the difference. Check out our quick guide to identifying and avoiding phishing attacks to learn the basics.
Use AI in Email Security
From Amazon's Alexa Voice Shopping to new Christmas classics, artificial intelligence is becoming a larger part of the holiday season each year. When the flood of malicious emails hits your inbox, artificial intelligence is the gift that keeps on giving with filters that track the latest phishing trends, identify fishy patterns in incoming messages, and restrict those emails from ever even entering your inbox. As you're rounding out the year's workload, artificial intelligence helps you focus more on collaborating with co-workers and finishing the year strong - not on trying to recover from a ransomware attack.
Prep Your Team and Your Tech
The holidays should be a time of well-deserved rest and relaxation, including your IT team! Unfortunately, cybercriminals are all too aware that many teams may be running a skeleton crew over the holidays. With fewer eyes monitoring cybersecurity dashboards, the holidays are often seen as the perfect time to strike. If you have an in-house IT team, it's important to make sure that they're properly staffed throughout the holiday season and that someone is always on call in the case of an emergency. For businesses who outsource their IT needs, keep your eye on your email for updated holiday support hours and additional information on how they're continuing to provide protection throughout the holidays.
For IT professionals, double-checking that automated backups are turned on and the business continuity and disaster recovery (BCDR) plan is up to date are two important steps that can ensure that your team or your clients are ready to bounce back if an attack takes place. Properly setting up a VPN for those working remotely during the holidays is another important step that every team should take to ensure that their connection and the data being transferred are both completely encrypted and protected from attack.
Perform Network Penetration Testing
Why wait for a hacker to find the breach in your network? Network penetration testing helps companies stay ahead of a cyber attack, proactively scanning for and identifying potential security threats. Regularly performing scans and updating your network's cybersecurity measures as needed is a proactive move that is guaranteed to pay off in the long run. Before your team scales down for the holiday season, perform a network penetration test to identify risks. Then, develop a remediation plan that can get those holes patched so that your network is protected from every angle.
SeedSpark is proud to support our clients with industry-leading tools that help protect their networks throughout the year. By building a complete cybersecurity strategy, we ensure that businesses of every size have the enterprise-level cybersecurity that is needed to protect their data in today's ever-changing cybersecurity landscape. Contact our team for a free 30-minute technology assessment, assessing today's technology and identifying new opportunities to help you stay prepared for tomorrow.