According to statistics, E-commerce holiday sales grow 11-15% year-over-year, reaching between $210-$218 billion this season alone. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have also observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed. They have warned businesses to stay alert and be diligent in network defense practices during holidays and weekends.
But how can you protect your business this holiday season? A complete overhaul of your cybersecurity is impossible but here are some tips to help you out.
Tips for the Holiday Season
- Be Cautious
It is crucial to always be cautious of everything online. During this time of the year, phishing and ransomware attacks tend to be on the rise. You and your employees should be careful when opening special holidays promos and deals sent through emails. Attacks have been more sophisticated in recent years, making it harder to distinguish what is real or not but taking the time to double-check suspicious attachments, links and emails can help avoid a compromise.
Phishing attacks can also be sent via social media, messaging apps, and SMS. Educate your staff about the risks and tell them to always be cautious of any links or download that is sent from an outside party. To add, it is important to alert IT security of any potential phishing or ransomware attacks that you may encounter.
- Threat Hunting
According to the CISA website, “threat hunting is a proactive strategy to search for signs of threat actor activity to prevent attacks before they occur or to minimize damage in the event of a successful attack.” At times, threat actors can lurk in your network for months before anyone can detect it, giving them the potential to steal data and encrypt files. Threat hunting includes understanding the IT environment, evaluating data logs, and installing prevention systems and automated security alerting systems. With this in mind, threat hunters look for the following:
- Unusual inbound and outbound traffic
- Compromise of administrator privileges
- Substantial increase of database read volume.
- Logon attempts
- Logon attempts from different locations
- IAM
It is a given not everyone in the company should have access to all data. That’s why Identity and Access Management (IAM) security is an important part of a company’s cybersecurity practices. By limiting and authenticating data access to authorized personals, IAM significantly improves the efficiency and effectiveness of the access management of a company. It enables companies to manage and monitor user access within the network, making it easier for the security team to keep track of logins. IAM not only makes it more efficient but greatly enhances security while mitigating the risk of a compromise.
- Back up and update
Having an offline backup of data is one of the best ways to protect your data. Ransomware has significantly increased in recent years and has the potential to steal and erase sensitive information. With the holidays almost here, it’s a good time to make sure that backups are working and that they are maintained offline.
Another way to help strengthen your cybersecurity defense is by regularly updating and scanning software. The latest updates of software can patch vulnerabilities in the previous system, making it safer and more effective. Threat actors always look for vulnerabilities to take advantage of and outdated software can expose you to these threats. Scanning regularly can also help identify and address these hidden vulnerabilities. By establishing a centralized patch management system, you can maintain the health and security of your system.
- Secure accounts and network
Developing a great cybersecurity practice is a great way to maintain a safe and secure environment. Simple practices such as setting a strong, secure password and using anti-malware and anti-virus software can go a long way. Another way to secure data is by adapting a Multi-Factor Authentication (MFA) system. This adds additional layers of protection and requires users to validate their identity multiple ways before they can access the data or account.
Another great way to secure your network is through network segmentation. This practice allows you to isolate different networks from each other, separating personal and work-related activities. Businesses should also consider filtering out IP addresses to prevent users from accessing suspicious websites. These methods give you the freedom to control your system and data, creating a safer workplace for you and your employees.
Summary
During the holidays, cybersecurity threats increase significantly. Consumers are spending more time and money online, sharing their sensitive information and payment details to different platforms and sites. That’s why organizations need to sustain a strong cybersecurity defense, especially this season. However, maintaining a secure and safe environment is a year-round practice, not just the holidays. By having a proactive and advanced cybersecurity defense, businesses can secure sensitive data and significantly reduce the likelihood of a breach.
References:
Reed, Jonathan. “7 Holiday Cybersecurity Tips to Try Before The Year Ends.” Security Intelligence, 6 Dec. 2021, securityintelligence.com/articles/holiday-cybersecurity-tips.
FadilpaŠIć, Sead. “Businesses Set to Face an Onslaught of Ransomware Attacks over Holiday Season.” TechRadar, 3 Dec. 2021, www.techradar.com/news/businesses-set-to-face-an-onslaught-of-ransomware-attacks-over-holiday-season.
“Ransomware Awareness for Holidays and Weekends | CISA.” CISA, www.cisa.gov/uscert/ncas/alerts/aa21-243a. Accessed 13 Dec. 2021.
Ravichandran, Hari. “Holiday Shopping Cybersecurity Tips.” Forbes, 25 Nov. 2020, www.forbes.com/sites/forbestechcouncil/2020/11/30/holiday-shopping-cybersecurity-tips/?sh=5ee1fbcdf841.