It’s that time of year again with the holidays in full swing. While your staff is busy thinking about their holiday vacations, cybercriminals have something else in mind entirely. Bad actors don’t go on vacation just because you do. In fact, this relaxed time is often the moment that cybercrime ramps up.
Attackers are waiting for employees to unplug, hoping they can strike when their defenses are down. Take the Shutterfly breach in December 2021 for example, cybercriminals hit the company with a ransomware attack over a weekend in December, demanding millions in ransom. Attacking companies around the holidays is now commonplace. Other notable holiday cybersecurity attacks include the Colonial Pipeline attack on Mother’s Day Weekend, the JBS cyberattack over Memorial Day, and the 4th of July Kaseya attack.
Companies need to make sure they have the right security protocols in place to ensure your infrastructure and data are secure when your staff is on holiday. Here are five tips to keep your business secure this holiday season.
1. Work With a Managed Services Provider (MSP)
Many businesses have small IT teams, but what happens when one person inevitably goes on vacation? Working with an experienced MSP takes the heavy burden of keeping your infrastructure secure off your employees. With 24/7/365 monitoring and support, you can rest assured that your infrastructure is being looked after even when your IT staff is on vacation. An experienced Security Operations Center (SOC) team will detect, alert, and mitigate any attacks that may occur whether over the holidays or on a typical workday. Enjoy the peace of mind that comes from knowing your business is protected.
2. Maintain Secure Passwords
Password hygiene is critical to keeping data safe, which is why it is important to use strong passwords with numbers, upper and lowercase letters, and symbols. Having a strong password can be difficult for many employees to remember, which is where a password manager can be increasingly valuable. A password manager is helpful because it stores all your complex passwords for various systems and allows employees to remember a single password for the password manager. One password to rule them all. Enabling multi-factor authentication (MFA) also offers an additional level of security where multiple codes, PINs, or devices are used for logging in. This is increasingly important to boost authentication security.
3. Don’t Use Public WiFi
When your staff are out of the office but still want to check in, they may be using unsecured internet to do it. While public WiFi is incredibly convenient, it could be leaving your organization open to risk. When an employee uses public WiFi to connect and check in, they could be exposed to a man-in-the-middle attack. This is when cyber criminals intercept information, essentially ease dropping on your conversations. Always use a secure connection and VPN when you’re trying to connect outside the office. Also, disable the “auto-connect to WiFi” feature on your personal device, this can ensure you’re only connecting to internet connections that are secure.
4. Stay Alert for Phishing Scams
Have you ever received an odd-looking email from your company’s CEO asking you to do them a favor immediately? This might look like a request to buy and send gift cards ASAP, share secure data, or transfer money. Unfortunately, if you’ve seen this, then you witnessed a phishing email! When employees are out of the office, your first instinct may be to act quickly instead of taking the time to verify if the request is legitimate or not. If an email doesn’t look right, you should always verify with the sender through known contact channels. Employee security awareness training can proactively mitigate human error, which causes 90% of data breaches. Teaching employees about the threats in today’s landscape could be the difference between keeping your infrastructure secure and having a breach. Providing employees security tools like TPx’s Managed Detection and Response allows them to verify suspicious looking emails easier. Employees are able to submit emails for review and validation to see if something is actually a phishing attempt. When your IT team is out of the office, having instant validation through a tool can help ease employees minds and keep your company secure.
5. Back Up Your Data
If you’re attacked this holiday season, you want to have an updated backup, especially if you are the victim of a ransomware attack. You can roll systems back to a certain point in time. Restore your business before the ransomware attack. This helps you protect against data loss and paying ransoms.
Let TPx protect you while you’re OOO. Enjoy your vacation time without worrying about who is keeping your company’s data safe. For more information about how TPx can help you defend against cyberattacks, contact TPx today. Don’t wait!