As many businesses prepare to wind down and shut up shop for Christmas, cyber criminals are preparing for their busiest time of the year. Make sure your business is ready to weather the festive cyber-attack storm with our security checklist for the festive season.
Alarm bells ring, are you listening?
With online shopping growing year-on-year, and events like Black Friday and Cyber Monday pushing shoppers to make hasty purchasing decisions, Christmas is the perfect time of year for cyber criminals to launch phishing and skimming scams against individuals, as well as malware, ransomware and DDoS attacks against businesses.
According to the National Cyber Security Centre, more than 4,000 businesses have already been notified of skimming attacks on customers in the lead-up to Christmas this year, and that’s almost certain to be the tip of a depressing festive iceberg.
It’s critical for IT security teams to shore up their defences before turning off the lights and heading home for a few mince pies and a glass of mulled wine. Here are our top tips for ensuring your business is safe and sound over the Christmas holidays…
1. Warn your teams
Everyone’s rushing to get home for the holidays, but it’s important to send them off with an up-to-date knowledge of your business’s cyber security plan. Make sure they know they shouldn’t be logged into business-critical networks on BYOD devices while they’re carrying out personal shopping tasks. Warn them about the latest phishing scams doing the rounds, including the recent spate of charity-related scams. It’s a time for giving, but not of personal details and hard-earned savings.
2. Prepare for increased stress
With online shopping at its annual peak, business systems can become easily overwhelmed by the increased amounts of data flowing in and out. Make sure all your customer-facing tools have the bandwidth to cope, and that you’ve got the infrastructure in place to securely handle, manage and store all that new data.
3. Be aware of industry-specific threats
Before you can kick back with an eggnog, it’s important to get a feel for any cyberattacks that are either already affecting your industry or have historically occurred over the festive period. Look at what’s happening with similar businesses and learn lessons from previous unlucky victims. This will help you see vulnerabilities in your systems that you might not otherwise have considered, so you can take appropriate steps to mitigate the threat.
4. Look for weak points
Actively looking for vulnerabilities in your systems and networks is the best way to deter potentially disastrous breaches from materialising. Be aware that cyberattacks are evolving even more quickly than the means to protect against them, so even if you’ve carried out penetration testing recently there may be exploitable weaknesses in your system.
5. Gather a response team
Once you’ve identified and closed your weak points, it’s a good idea to nominate a response team to have on standby over the holidays in case your systems are attacked. Build a plan to identify who’s responsible for doing what, and make sure everybody knows who they need to report to.
6. Upgrade and update all systems
Making sure your systems are up to date with the latest standards and security patches is one of the easiest ways to deter cyberattacks. Apply any updates and upgrades in plenty of time so you can iron out any wrinkles – which could potentially turn into gaping chasms – while your team is away from the office.
7. Update and strengthen passwords
A fairly easy but effective measure to take before you head off for the Christmas break is to update and strengthen network passwords. Make sure two-factor authentication is switched on as standard, and that only necessary personnel have access to the business-critical areas of your systems – at least until the office opens back up.
8. Implement ongoing firewall and network monitoring
Firewalls are designed to prevent malicious intrusion to your systems, so making sure yours is updated and working optimally is essential. Having a monitoring system in place behind the firewall will flag up any intrusions – either attempted or actual – as well as highlighting any unusual behaviour that your response team needs to be aware of.
9. Make regular backups
In the event of a potentially catastrophic breach or attack, it’s vital that you’re able to shut down your systems, revert to a safe version and get back up and running as quickly as possible. Having a good and regular backup and recovery system in place is crucial for allowing this to happen.
Network security is not just for Christmas
M247 offers a range of hosted and managed firewall and backup solutions to keep your business up and running, even when your teams are away from the office. To discuss your business’s security needs, for the festive period and throughout the year, give our team a call today.