[Updated as of 16 November 2022]
As many businesses prepare to wind down and shut up shop for Christmas, cyber criminals are preparing for their busiest time of the year. Make sure your business is ready to weather the festive cyber-attack storm with our security checklist…
Alarm bells ring, are you listening?
With online shopping growing year-on-year, and events like Black Friday and Cyber Monday encouraging shoppers to make hasty purchasing decisions, Christmas is the perfect time of year for cyber criminals to launch their attacks. From phishing and skimming attacks against individuals, to malware and Distributed Denials of Service (DDoS) against businesses, cyber gangs are striking more and more over the festive period.
Research reports that in 2021, global ransomware attacks increase by a massive 30% over the Christmas period. Last year, a ransomware attack on a payroll company, which handles HR and wages for millions of public and private sector employees, jeopardised the critical December pay packets of hundreds of thousands of workers. And, in the run-up to Black Friday, the National Cyber Security Centre was forced to notify more than 4,000 small businesses that their customers’ payment details were being stolen in skimming attacks. But these were just the tip of a dangerous festive iceberg.
It’s critical for IT security teams to shore up their defences before turning off the lights and heading home for mince pies and mulled wine. Here are M247’s top tips to keep your business safe and sound over the festive period:
1. Speak to your teams
Everyone’s rushing to get home for the holidays, but it’s important to send them off with up-to-date knowledge of your business’ cyber security plan. Warn them about the latest phishing scams doing the rounds, and make sure they know what to do in the event they fall victim. Christmas is a time for giving, but not of personal details and hard-earned savings.
2. Prepare for increased stress
The festive period calls for online shopping, streaming Christmas films and people generally being online more than usual. Business systems can become easily overwhelmed by the increased amounts of data flowing in and out. Make sure your Business Continuity Plan is setup, so your customer-facing tools have the bandwidth to cope, and that you’ve got the infrastructure in place to securely handle, manage and store all that new data.
3. Be aware of industry-specific threats
Before you can kick back with an eggnog, it’s important to get a feel for any cyber-attacks that are either already affecting your industry or have historically occurred over the festive period. Look at what’s happening with similar businesses and learn lessons from previous unlucky victims. This will help you see vulnerabilities in your systems that you might not otherwise have considered, so you can take appropriate steps to mitigate the threat.
4. Look for weak points
Actively looking for vulnerabilities in your systems and networks is the best way to deter potentially disastrous breaches from materialising. Be aware that cyber-attacks are evolving more quickly than the means to protect against them, so even if you’ve carried out penetration testing recently, there may be exploitable weaknesses in your system.
5. Gather a response team
Once you’ve identified and closed your weak points, it’s a good idea to nominate a response team to have on standby over the holidays in case your systems are attacked. Build a plan to identify who’s responsible for doing what, and make sure everybody knows who they need to report to.
6. Upgrade and update all systems
Making sure your systems are up to date with the latest standards and security patches is one of the easiest ways to deter cyber-attacks. Apply any updates and upgrades in plenty of time to ensure everything works before your team is away from the office.
7. Turn on multi-factor authentication
A fairly easy but effective measure to take before you head off for the Christmas break is to make sure multi-factor authentication is switched on as standard, so your team can flag any unauthorised logins on their work devices.
8. Implement ongoing firewall and network monitoring
Firewalls are designed to prevent malicious intrusion to your systems, so making sure yours is updated and working optimally is essential. Having a monitoring system in place behind the firewall will flag up any intrusions – either attempted or actual – as well as highlighting any unusual behaviour that your response team needs to be aware of.
9. Make regular backups
In the event of a potentially catastrophic breach or attack, it’s vital that you’re able to shut down your systems, roll back your data to a safe version and get back up and running as quickly as possible. Having a good and regular backup and recovery system in place is crucial for allowing this to happen.
Winter blackouts: Avoid a nightmare before Christmas
Another thing businesses need to prepare for over the 2022 festive period is the possibility of widespread power outages. The UK’s energy network operator, the National Grid, has warned of the potential need for planned localised blackouts to ensure supplies throughout the winter. And while the National Grid said it’s ‘unlikely’, it does remain an outside possibility – and it’s one businesses need to prepare for. The last thing you want is for your servers to go down while everyone’s at home tucking into their turkey, only to return in January to find all your data gone or damaged.
Network security is not just for Christmas
M247 offers a range of hosted and managed firewall and backup solutions to keep your business up and running, even when your teams are away from the office. To discuss your business’s security needs for the festive period and throughout the year, give our team a call today.