Did you know that hackers love the holidays? It’s true. This festive season, with its twinkling lights and holiday cheer, is also prime time for cyberattacks. While you’re stringing popcorn and trimming the tree, hackers are weaving their own plans. Why? Because, during holidays, IT teams often operate with skeleton crews, with key personnel on vacation or enjoying well-deserved breaks. Hackers know this and love to exploit the reduced workforce, launching attacks—confident that most won’t notice until it is too late.
Real-World Examples of Holiday Hacks
Some examples of holiday hacks are well known in the annals of cyberattacks.
- Target (2013): Hackers infiltrated Target’s systems just before Thanksgiving, stealing the credit card information of millions of customers. The breach wasn’t noticed until nearly mid-December.
- Playstation Network (2011): During the week of Christmas, hackers launched a cyberattack on the Playstation Network. Hackers stole data—including usernames, passwords, credit card information, and personal details—and caused widespread system disruption.
- Playstation and Xbox: (2014): NBC News reports that “A hacking group called the Lizard Squad picked Dec. 24, 2014, to launch an attack against the computer networks of the two gaming systems, and they succeeded in knocking the networks offline for much of the next two days—temporarily turning $350 gaming consoles into pieces of junk.
- Linode (2015): In the same report, NBC says, “And it’s not just video game platforms. In 2015, a Christmas Day DDoS attack targeted Linode, a cloud computing company, knocking its services intermittently offline for days.
- Stratfor Global Intelligence (2011): Even more embarrassing, NBC also reports, “The private intelligence group Stratfor Global Intelligence was the target of an attack on Christmas Eve 2011 in which attackers said they had obtained access to a huge cache of emails.” Proving that any business can get hacked, and that it pays to be prepared.
- CapitalOne (2019): A hacker exploited a software vulnerability on the CapitalOne servers just before Labor Day, gaining access to the personal information of over 100 million customers. The break-in was not noticed for over four months.
Cybersecurity Tips To Fortify Your Business
But there’s no reason to let the Grinch steal your holiday fun. There are ways to protect yourself from hackers if you don’t let the holiday cheer lull you into a cybersecurity coma..
- Patch up your defenses: Ensure all software and systems are updated with the latest security patches to eliminate vulnerabilities hackers can exploit. But do it well before the holiday so, enough IT staff members or provider personnel are on hand to manage an emergency or intervene if anything goes wrong with potential system-breaking updates and upgrades.
- Back up your data: Regularly back up your data to a secure location. This way, if hackers do steal their way into your systems, it won’t be months before you’re up and running. And you can quickly restore any data they manage to corrupt. In addition, eliminating redundant or unnecessary data can enhance data privacy and security. Evaluating and refining your current data collection practices and policies will give you a comprehensive understanding of the user information your organization gathers and help you determine which of it you need to store.
- Educate your team: Train your employees about holiday cyberthreats and how to stay safe online. Warn employees to be on the lookout for holiday-related phishing attempts. Threat actors are known for using fake holiday sales and offers to lure people into clicking on malicious links. The FBI offers tips on recognizing and avoiding scams, including credential theft that can compromise business assets. Knowledge is power, especially in the fight against cybercrime.
- Secure your network: Implement strong network security measures, like firewalls and intrusion-detection systems.
- Secure sensitive systems: Isolate payment processing systems and enforce privileged access management to secure and oversee access to critical systems like payroll and IT.
- Use strong passwords: Encourage employees to use strong, unique passwords for all accounts and enable multi-factor authentication for added security. Adopting an enterprise password manager can also thwart hackers who could exploit things like employees who might inadvertently enter their credentials on phishing sites.
- Protect workers on the go: Travelling employees may conduct business on their mobile devices, charge company-owned phones at public charging stations in airport terminals or hotel lobbies, or log in to work apps through unsecured Wi-Fi networks. Since mobile devices provide much of the same access as traditional endpoints, and often serve as an authentication tool, hackers can infiltrate an entire network, putting cloud data and applications at risk. A Virtual Private Network (VPN) establishes a secure and encrypted connection, safeguarding sensitive data during transmission.
- Monitor everything 24×7: Today, it is more crucial than ever to continue to monitor all IT systems and data for unexpected or unusual activity, even if it is a holiday; so you see a hacker’s efforts before they steal your milk and cookies.
- Use a security framework: Most frameworks include all this and more. Industry-specific or proven general-purpose frameworks are a great way to assure partners, customers, regulators, and insurers that you’re fulfilling their requirements. And a good way to avoid missing any of these important security processes.
Finally, DO sweat the simple stuff:
- Don’t post on social media that you’re going to be away: Cybercriminals can see your posts too, and have tools to look for them. And they view absences as great times intrusion attempts.
- Turn off unused workstations: This stops lateral movement of cybercriminals who want to move from machine to machine and infect the whole network
- Don’t leave the default administrator password on your printers: Overlooked peripherals offer an easy back door into the rest of your network.
By following these tips and staying vigilant, you can ensure that your business enjoys a happy and cybersafe holiday season. Remember, hackers are opportunistic, hoping to catch you off guard. But with the right cybersecurity measures and practices in place, you can turn the tables.
Unwrap Better Ways To Stay Safe
If you’d like to see if your business lacks any of the security features and processes that might make it vulnerable to a holiday hack, sign up for a Compliance Audit from Sagacent Technologies.