December 13, 2022
The holidays bring a number of challenges for organizations, but one that may surprise business leaders is the increase in cyberattacks. Ransomware attacks, for instance, increase by 30% over the holidays compared to the rest of the year. What can businesses do to increase their cybersecurity?
We bring you five tips you and your employees can use to keep your devices and networks cybersecure. By applying them, you decrease the likelihood of a bad actor causing a data breach that can have costly consequences for your organization.
If holiday travel or remote work is on your agenda, consider downloading DOT Security’s Cybersecurity Checklist for When You’re on the Go to stay secure during the holidays.
As you can see, cybersecurity trends differ between in-office and remote work:
“91% of all cyberattacks begin with a phishing email to an unsuspecting victim.” -Deloitte
Every year, there is a marked increase in the number of phishing emails sent by cybercriminals.
With phishing, a bad actor poses as a trusted person or organization, sends an email to their target users, and requests they click a link, download a file, or provide valuable information or money.
For example, you may get an email that purports to be from Amazon. It’s notifying you that your account has been blocked due to suspicious activity. Also, it has a link you can click on to reach their customer service site. Unfortunately, if you click on the link, you will be taken to a malicious website.
Phishing emails have become pervasive. They have also evolved into more strategic messages called “spear phishing.” With these, the malicious actor can use information you shared on social media, or a similar medium, to craft a message specifically tailored to you. With your guard lowered, the likelihood that you will engage with the email increases.
Whether your employees work from an office or home, warn them to be alert this holiday season and watch out for phishing emails. To read more about other popular scams that emerge during the holidays, check out the blog Top 6 Holiday Scams.
One of the easiest ways to uphold cybersecurity during the holidays is to check on software updates for your computer and all mobile devices. Take the time to install them or schedule an update installation during a time when you are not using your device.
Developers tend to publish software updates whenever a vulnerability becomes known. When a bad actor takes advantage of an unpatched vulnerability or a yet-unknown vulnerability, this is known as a zero-day attack. Zero refers to the number of days the developer has been aware of the vulnerability.
Therefore, it’s important that your staff update all their devices, especially during the holidays when attacks increase. Consider also updating any “smart” appliances, such as smart TVs, cameras, and wearable devices, since these can also be an entry point into your network.
To see other easily actionable tips to improve your cybersecurity, check out the blog 5 Low-Cost Ways to Improve Cybersecurity.
“When something goes out on the Internet, it's out there forever.” – Criminal Minds
In several of their company security audits, our penetration testers have found that employees are easily fooled by spear phishing emails. Spear phishing, as mentioned above, is a type of phishing tactic that targets the email to a specific person with specific language tailored to the victim.
The penetration testers fooled company employees by sending them an email from a pretend dealership discussing the same car model and make as the recipient’s. How did they get this information? From the recipient's social media page.
The user had shared a photo of his car as well as the model. Although this information may seem innocuous, it was later used by the penetration testers to lure the recipient into clicking a link. Since this was a test, the link didn’t lead anywhere malicious, but real spear phishing campaigns are not so benign.
The information you share on social media can be used against you in such attacks. If your profiles are set to public, consider making them private so that only users you know and trust interact with your information. Additionally, refrain from sharing company information that could be taken advantage of to craft a spear phishing campaign.
To learn more about other common errors our penetration testers found in organizations they visited, check out the blog 5 Common Cybersecurity Mistakes.
A weak password can become a gate for cybercriminals to infiltrate your company network. Therefore, using lengthy passwords is a simple way to deter bad actors from hacking attempts.
75% of Americans are frustrated with having to manage their many passwords, according to a study by Google. This means that taking advantage of a password management tool is an option that will not only keep your credentials safe, but also remove the often-challenging task of remembering several passwords and ensuring they are not misplaced.
Multifactor authentication, or MFA, is a tool that asks the user to provide two or more verification methods before being able to log into their accounts. With 66% of Americans using the same password for more than one account, using MFA could make the difference between a safe network and a data breach.
To use MFA, you can download an authenticator app from a trusted source; Microsoft and Google both have MFA apps in the app store, for example. Any time you log in, you can use the app to confirm that you are the correct user. If your password gets lost or misplaced, a malicious actor would not be able to log in using your credentials.
For employees working remotely or traveling during the holidays, this can be an effective tool to improve cybersecurity.
To learn more about other tips to stay cyber-secure when not working from the office, head over to the blog How to Maintain Security When Employees Work Remotely.
Cybersecurity training is an investment that pays off in the long run. Since 82% of business breaches involve the human element (meaning the breach was caused when a user lost their credentials, was socially engineered to initiate a hacking campaign, or simply made an error), training is one powerful way to maintain cybersecurity during the holidays and also year round.
Cybersecurity training doesn’t have to be daunting or even boring. The right professional will show your team how easily business networks can be hacked, point out some of the red flags to look out for, and ensure they also become part of the force championing cybersecurity in your organization.
Work with your team so they understand the goals of cybersecurity training. A cybersecurity consultant can create engaging sessions for your team to actively participate in. They can also help you designate cybersecurity champions who will continue your organization’s commitment to stay secure.
The knowledge that your staff will gain can be applied wherever they go, which means your company will stay safe whether your employees work on-site or from home.
To learn more about the types of cybersecurity training and its benefits, read our blog The Importance of Cybersecurity Awareness, Training, and Education.
Use the tips above to add extra layers to your security strategy to defend against increasingly active cybercriminals this holiday season.
Remember, humans can be either the weakest link or the strongest barrier against data breaches. Therefore, be sure to share this information with your staff so that they too can champion cybersecurity during the holidays.
Stay secure wherever travel or remote work may take you. Download DOT Security’s Cybersecurity Checklist for When You’re on the Go today to defend yourself from malicious actors during the holidays.