Cyber Security News


Your Guide to a Cyber-Secure Christmas

As the holiday season approaches, businesses must be prepared not only for the festive cheer but also for heightened cybersecurity risks.

While everyone is focused on spreading joy and goodwill during Christmas, cybercriminals are devising new ways to exploit the holiday spirit for their malicious purposes.

In this digital age, where businesses rely heavily on technology and online operations, neglecting cybersecurity during Christmas can lead to devastating consequences.

We’ve updated the following checklist that will help you stay safe and sleep better over the festive period.

Why not share this with your staff or include it in your next team meeting?


1. Turn Off Your Devices

Leaving devices connected to the internet can make them vulnerable to cyberattacks.

Turning off devices when not in use reduces the exposure to potential threats and helps protect your data and privacy.

2. Unplug/Disconnect The WiFi

If you're closing the office or leaving home for a week or more, disconnect the router/modem from the mains power - a disconnected modem is a safe modem!

If you have an IT provider, you can ask them to temporarily disable the WiFi remotely instead. Most enterprise systems support access schedules, and it is good practice to configure one so that access is only permitted during specific times.

3. Shut Down Your Servers

If you're closing the office for a few days or more, ask your IT provider to gracefully shut down the servers.

This is as much to do with the risk of heat generation as it is to thwart a cyber-attack.

4. (Actually) Change Your Passwords

As you have likely heard us say many times - it's good practice to regularly change your login passwords to key accounts such as banking and emails etc.

Always use long, unique, complex passwords that are not used on more than one account.

To create bombproof passwords that you don't need to remember we recommend using a password manager such as 1Password or Bitwarden.

You can also refresh your memory of how to create bombproof passwords with our short tutorial HERE.

⚠️ Note: Change your home modem password too! These are often overlooked and stay the same for years, which means they are a soft target for cybercriminals.

5. Be Vigilant When Receiving Emails & SMS

In 2023, the primary method cybercriminals use to infiltrate a company's network remains phishing.

Phishing is a deceptive online tactic used by malicious actors to trick individuals into revealing sensitive information, such as passwords or financial details, by disguising themselves as trustworthy entities.

During the holiday season, your email and text messages may be inundated with "Merry Christmas" greetings and enticing discount offers.

Maintain a high level of vigilance and caution when dealing with incoming emails and messages. If you have any doubts whatsoever, refrain from opening them.

⚠️ Note: And watch out for one of the latest cybersecurity trends - quishing - aka SMS Phishing - you can find out more HERE.

6. Update Your Machines & Devices

Manufacturers of computers and electronic devices frequently release software and firmware updates to ensure security and optimal functionality.

You likely update your computer's software when prompted, but it's important to remember other devices in your digital ecosystem, like your router or modem.

Have you recently updated their firmware, including the ones at home?

If you're unsure how to perform a firmware update, reach out to us here at CyberHeroes or consult the manufacturer's website, which often includes a 'how to' section for guidance.

7. Listen to/Watch The News

Nice though it is to disconnect from the outside world during the festive period, it's worth doing a quick 'pulse check' by watching/reading the news as major cyber security breaches will be reported there.

Think about the Optus or Medibank data breaches as examples...

Even if you only check every other day, knowing about major attacks and whether your data is involved is important so you can take the necessary steps, such as changing your passwords.

8. Disable/Enable Your VPN

What do we mean by that?

If your office will be unattended for a few days or more, turn the VPN off. Whilst secure, it still represents a potential threat vector and, if you won't be using it anyway, just switch it off.

But this also means that you'll likely be working remotely or travelling, so be sure to turn your personal VPN on, e.g. ExpressVPN or NordVPN.

Even if you're only logging on from home (and not some random cafe with free WiFi), using your personal VPN is a strong, proactive measure to help keep cybercriminals out of your life.

⚠️ Note 1: If you're travelling, make sure your insurance has a cyber crime provision included in case of an attack.

⚠️ Note 2: If you're travelling, make sure you have your banking contact details (i.e. account number, contact numbers - NOT your login details) and consulate details left with someone you trust (not on your devices).

⚠️ Note 3: If you're travelling, make sure you have your phone contents backed up to iCloud, Google Drive or similar in case your phone is lost or stolen.

9. Use Multi-factor Authentication (MFA)

If Multi-factor Authentication (aka MFA or 2FA) is available, use it.

Make MFA your default.

If you have a choice, opt for an authenticator app such as Google Authenticator or Microsoft Authenticator rather than SMS; authenticator apps are more secure.

10. Be Vigilant When Shopping Online

The online shopping space is a lucrative hunting ground for cybercriminals.

Stay with reputable, well-known websites when you're browsing online, and avoid clicking on any adverts that pop up or appear on the screen.

Human behaviour makes us susceptible to 'clickbait', and adverts are a time-tested way of getting malware onto your computer.

⚠️ Note: The safest way to shop online is to stay with the major sites and never click on adverts.

11. Make Sure Your Data Is Backed Up

Whilst this should be a 'thing' you do anyway, at a time of year when ransomware attacks increase by 30% or more, having a backup of your data (that is stored separately, and disconnected from your network) is essential.

Why?

A successful ransomware attack would seek to encrypt your data. If you don't have a separate backup, then you are beholden to the cybercriminals...

If backing up your data seems like an inconvenience, ask yourself these questions:

1) Will you pay a ransom in the hope you get your data back?

2) What will it look like if it takes weeks to decrypt your data (assuming you get it back)?

It's dealer's choice: back up or not?!

12. Set The Ground Rules For Your Staff

One attack method commonly used by cybercriminals is manufactured urgency.

They send your staff an email or SMS, pretending to be you, asking them to 'pay an invoice' or 'transfer some money' as a matter of urgency.

And the message could say, "I'm in a meeting for most of today so I won't be available".

So it's 'urgent' and 'you' can't be contacted...

You'd be amazed at how often this technique works.

So, make it clear to your staff that you will NEVER send emails or messages asking them to do anything like this.

If they receive such a communication, they should ALWAYS speak to you personally - even if that means waiting a day or more.

Reinforce that they will never be 'in trouble' for double-checking.

If in doubt, they should give you a shout.


Whilst there is no guarantee that you won't still become a victim of cybercrime, by following the 12 tips above you'll dramatically reduce your risk profile.

You'll also sleep better knowing that you've made yourself (and your family) a less likely target.

We provide cyber security concierge services because we understand that at some stage almost every business on the planet will become the victim of cybercrime and we don't want yours to be one of them.

If you need any support with your IT systems or security, the team at Cyber Heroes is on hand to offer advice.

If your organisation is a member of the Cyber Heroes community and you think you may be the victim of cybercrime, you can call for additional support on the 24/7 Hotline.

1800 CYBERH

(1800 292 374)