The holiday season is a busy time for many of us. Unfortunately, it’s also a busy time for cybercriminals, who know that holidays are when individuals and businesses get distracted and fail to practice proper computer hygiene, making them vulnerable to cyberattacks. In addition, many businesses shut down during holidays or operate with minimal IT staffing, exacerbating any cybersecurity shortcomings they might have. Cybercriminals clearly don’t give a fig about our noble sentiments and pursuit of joy during the holiday season—when they prey upon our distractedness.
What is a cyber security attack?
Cyberattacks are executed by individuals or organizations—some of which can be large and sophisticated and function like proper companies—for political, criminal, or personal intentions to destroy or gain access to classified information. Cyberattacks seek to damage or gain control or access to important documents and systems within a business or personal computer network. They can take many forms, including:
- Malware (malicious software) that disguises itself as a trusted email attachment or program to exploit viruses and allow hackers into a computer network. This type of cyberattack often disrupts an entire IT network. Malware examples include trojans, spyware, worms, viruses, and adware.
- A Distributed Denial-of-Service (DDoS) attack is when several hacked computer systems target a site or network and deny the user experience on that website or network. For example, hundreds of pop-ups, advertisements, and even a crashing site can contribute to a DDoS attack on a compromised server.
- Phishing is the act of sending fraudulent emails on behalf of reputable companies. Hackers use phishing to gain access to data on a personal or business’ network.
- SQL injection attacks are when a cybercriminal exploits software by taking advantage of apps to steal, delete, or gain control of data.
- Cross-site scripting (XSS) is when a cybercriminal sends a “script-injected” or spammed website link to your inbox, and it’s opened—releasing personal information.
- Botnets are when multiple computers, normally on a private network, are infected with viruses and other forms of malicious software.
- Ransomware is malicious software that threatens a victim by destroying or blocking access to critical data or systems until a ransom is paid.
Holiday cyberattack prevention
Here are some tips on preventing holiday cyberattacks.
- Back up files, photos, and videos saved to your laptops, tablets, smartphones, and other devices. In the event that your computer does get locked up you’ll still have access to the valuable data it contains. Backing up is low-hanging fruit.
- Don’t pay the criminals who’ve hijacked your computer. There’s no guarantee that they will release your files upon receiving your payment, and paying ransoms only encourages hackers to repeat their nefarious acts.
- Watch out for phishing attacks, a tactic for tricking victims into providing vital personal information or downloading malicious files. Hackers will send victims an email or text that looks like it comes from a legitimate source, such as a bank, utility, or credit card company. The message might warn that the recipient’s account will be shut down if they don’t click on a link to register their account information. Or it might state that the sender has discovered suspicious activity and the recipients must click on a link to protect the funds in their bank accounts or stop fraudulent purchases being made by their credit card accounts. Don’t fall for this scam!
- Avoid using public wifi. Though it’s tempting to log into public wifi while holiday shopping, public wifi is notoriously unsecure. It’s easy for hackers to spy on your online activity, possibly nabbing passwords and log-in information while doing so. Never log onto your online bank accounts or credit card portals through public wifi.
- Make sure your security software is updated. You can adjust your settings to allow updates to occur automatically. Failure to update exposes your devices to the latest viruses and malware.
- Conduct cybersecurity awareness training programs for staff. As a consequence of the increased workload and distractions that the holidays bring, employees may be more vulnerable to phishing, social engineering, and even charity fraud. Simple precautions can mitigate risk, such as not clicking URLs in emails from unknown senders and keeping operating systems and programs up to date. A training session from a company like Nivee could remind staff to be cautious about what messages they read, preventing them from opening a Trojan horse.
- Have a holiday contingency plan and make sure your employees are aware of it. Make sure your firewalls are up to date and that all your data is encrypted. It’s also a good idea to plan for short-term or temporary staffing. Responsibilities must be fully understood in all departments.
- Diversify your systems to avoid a single point of failure. Many businesses put all their assets in one location, facilitating access to hackers. Spreading your assets across multiple accounts makes it more difficult for cybercriminals to obtain access to them and provides you more time to prepare a defense when your resources are stretched thin.
Cybercriminals don’t rest during the holiday season. Quite the contrary. They know it’s a time when you may be inclined to let your guard down and are thus vulnerable to a broad range of cyberattack strategies. Talking to your employees about being vigilant and providing training where required is an investment that could pay big dividends.
Nivee offers an extensive array of cybersecurity services to test and identify risks that may lead to cyber attacks, including those around holidays. Headquartered in the Greater Toronto Area, Nivee offers services throughout North America. Click here to set up an appointment to learn more about how your company might be at risk to a cyber attack.