It's supposed to be the most wonderful time of the year, but the holidays have now become a hunting ground for hackers looking to steal personal and credit card information, or hold data for ransom. While most people think about holiday hacks as involving retailers (and indeed, many do—the number of attacks on e-commerce during the fourth quarter of 2017 was 113% greater than the volume of attacks in the previous quarter), retailers aren’t the only ones at risk during the holidays. This year we saw how a ransomware attack effectively shut down systems in Atlanta; now imagine if hackers were able to pull off a similar attack during the hustle-and-bustle of the holiday season. The busyness of the holidays may force the victims hand into paying the ransom. So, what is it that makes organizations so much more vulnerable to attack during the holidays?
Top 5 Reasons Holidays Make Organizations More Vulnerable to Cyberattacks
1. Reduced Staff
Throughout November and December, many employees use their vacation days to travel, visiting family and friends. This can leave an organization vulnerable, as employees meant to be guarding the fortress are no longer on site. In addition, employees working remotely can compromise security as many are likely to be logging on from risky Wi-Fi hotspots and using devices that may not have security features.
2. Employee Online Shopping
During the craziness of the holiday season when everyone is short for time, who wants to hit the mall? No one. So, it’s no surprise that employees make some online gift purchases while at work. Unfortunately, they may be targeted by a malicious ad that’s offering a hot deal. Without thinking, they might click on an ad that winds up infecting the entire network.
3. Email Overload
Inboxes fill up fast during the holidays. There are emails from friends and family, holiday party invitations, purchase receipts, shipping confirmations, and a host of other communications. Because of this, employees—even those who’ve been trained to be wary of suspicious emails and links—are a lot more likely to put their guard down. Scammers know this, and use this to their advantage.
4. Use of Personal Email
Employees are much more likely to use their personal email during the holidays to do online shopping and other tasks. But unlike company email which is more likely to block suspicious links and attachments, personal email isn’t usually filtered for malicious content by the organization. The content is often delivered over end-to-end encrypted communications, such as HTTPS, enabling attachments to bypass filters which gives attackers access to the corporate network.
5. Password Similarity
Most people have dozens of online accounts, and it can be a challenge to remember all those passwords (especially when some of them are only used around the holidays for shopping or sending e-cards). Rather than continually fill out “forgotten password” forms, many people use the same or similar passwords for their retail accounts as they do for their organization’s network. Because the holidays are when most people access retail accounts, this gives hackers an in, hurting consumers, employers, or both.
Finding Security Through a Third-Party Provider
Holiday hacking is going to continue—and likely increase due to online traffic, distracted employees, and decreased resources. Much has been written in regards to the best way to protect your organization from cyber threats (you can read our list of eight ways to protect yourself in our recent story on SamSam ransomware), but if you’re concerned about security this holiday season, you may want to consider partnering with a third-party provider. A third-party provider can help evaluate your current systems of security, or augment your staff when both threats and employee vacations are at their highest. With a third-party provider, you can gain peace of mind of knowing that your organization is in good hands—even while managing a skeleton crew at the holidays! DSM, Florida’s predictable cloud provider, can help you stay protected this holiday season—and beyond. Contact one of our IT experts today to learn more.