We’re coming to that time of the year when employees are excited about the holidays and taking time off to be with their loved ones. But while employees are preparing for some rest and relaxation, hackers are gearing up for their busy season. In fact, the holiday season is when hackers are the most active.
There are a few reasons for increased malicious activity around the holidays:
- IT staff, like other employees, take PTO, so enterprises are understaffed compared to a normal work week.
- In December, people tend to experience burnout after a busy year causing some to relax their normally good cybersecurity posture.
- Employees also are in a rush to finish projects before ringing in the new year, which can lead to mistakes.
- Enterprises often hire contractors to fill some staffing positions, and these temporary employees might not be familiar with company policies and procedures.
Combined, these factors create a perfect storm for hackers to execute successful cyberattacks.
Given this threat landscape, what can companies do right now to prepare for the holiday hacking season? Here are five actions they can take immediately to shore up their defenses:
Pause large changes in your security stack. IT changes that may not have been fully tested can create vulnerabilities. While it might be tempting to rush things out the door to achieve a clean slate going into the new year, doing so will create significant security risks as weak systems can present security gaps that cybercriminals can easily exploit. If it won’t hurt the business, consider delaying any IT changes until the new year, when staff is back, recharged after their break and ready to give their full attention to testing.
Ensure contractors are up to speed on company policies and procedures. Many companies hire contractors to fill staff shortages around the holiday season. While this is great from a business standpoint, it can be troublesome from a security perspective, as temporary or contract workers might not be as knowledgeable or vigilant about cybersecurity policies and practices.
Additionally, they likely have not gone through the same cybersecurity training as full-time employees. To reduce risks associated with contract workers, ensure they have been briefed on the company’s security policies and give them short trainings on vulnerability management. A little time spent on cybersecurity education and awareness can go a long way in preventing mistakes while they’re working on the network for a few weeks.
Subscribe to a threat intelligence offering. Security is a collaborative effort, and your company does not have to go it alone. Threat intelligence offerings are available to help you understand current threats making the rounds, so you can identify which present the most risk to your company. When you know attackers’ threat vectors, motives and targets, you can better prepare your organization and respond faster in the event of an attack. The research is already done and out there – you just need to access and take advantage of it.
Carefully watch traffic coming into the security operations center (SOC). Making sure the traffic coming into the SOC is normal and expected is of utmost importance. If anything seems abnormal, make sure to investigate it immediately, as unusual activity could mean a bad actor is trying to penetrate your network. Monitoring traffic is a practice that is important year-round, but it’s especially critical during this time of year when companies typically experience increased traffic volumes. Additionally, communication across teams in this regard is key, as people are in and out of the office for the holidays.
Communicate safe IoT stewardship while employees are home. Many employees will receive connected devices as gifts this holiday season, and while they provide many benefits, they also introduce security risks – and not just from a consumer perspective. With a large remote/hybrid workforce still dominant across enterprises, people could reach for their corporate laptop first to plug in that new drone or IoT-enabled smart watch. Clearly communicating to employees to leave their work laptops safely stored away can prevent insecure devices from compromising corporate networks.
The holidays are a time of joy. Don’t let bad actors put a damper on your holiday spirit. Taking the time to follow these best practices will help your company stay secure during the holidays, into the new year and beyond – and then you and your employees will get the much needed rest and relaxation you deserve.