When Employees Are Away, Cybercriminals Play. Securing Your Network During the Holidays

When Employees Are Away, Cybercriminals Play. Securing Your Network During the Holidays

November 20, 2024

The holiday season can be a time of cheer, but also a time of utter chaos and distraction. That’s when those Grinchy cybercriminals step up their naughty tricks. While many of us go about our holiday business, maybe take more vacation time, and overall just try to be full of glee, they get to work taking advantage of all of that and more. In fact, according to studies, cybercrime skyrockets around this time of year.

The cybersecurity software company, Cequence found that last year, there was an increase of 550% in unique methods used by threat actors. They could be lazy and just reuse tactics, but they don’t! Because of this, as well as the normal cybersecurity threats that pester us year-round, it’s a good time to review your cybersecurity strategy for the holiday period when perhaps people are on vacation more or just in the office less.

Tip 1: Have a separate holiday plan. With fewer people around, review your plan to make sure those with a task in it are going to be available in case you need to activate it. Check holiday vacation schedules, make revisions, and do a run-through with the whole, possibly new team for the duration.

Tip 2: Backup, backup, backup. This cannot be stressed enough and should be ongoing all year. Make sure all of your important data and systems are backed up and that current copies are working. Keep backups out of internet reach.

Tip 3: Automate and centralize your patching and updating processes. If you’re used to going desk to desk to update systems, consider making a centralized and automated process to do this so nothing is missed. Don’t forget those work-from-home employees.

Tip 4: Check your virtual desktops and access permissions. More people may be working out of the office during this time. Ensure their permissions are limited to what they need and most definitely install VPNs for anyone not working physically in the office.

Tip 5: Provide cybersecurity awareness training. As is the norm these days, phishing runs even more rampant this time of year. Consider an awareness training session before everyone takes off for the holidays. Remind them of malvertising scams, charity scams, flash sale scams, etc. Not clicking is the key.

Taking a bit of time now to review your cybersecurity and preparing for what may come down the chimney this time of year can save you headaches when you’re sliding into next year.

Your Security

Phishing Examples Of The Current Top Ransomware Threats

Ransomware attacks have become increasingly prevalent and damaging in recent years and they do not discriminate. Every person, industry, or organization is fair game for cybercriminals wanting to make a buck; in most cases, many bucks. Cybercriminals are constantly on the lookout for vulnerabilities they can exploit to gain unauthorized access and deploy ransomware. Here, we highlight some of the most significant vulnerabilities leveraged by ransomware groups, their implications, and the importance of securing these weaknesses. READ FULL STORY

Corporate Security

What Is The Price Of The Average Data Breach? Awareness Training May Be The Key To Prevention

The price tag for a data breach went up this year, way up. Although the global average cost per breach is now a whopping $3.86 million, the average cost for the U.S. is $8.64 million, the most expensive in the world. IBM’s “2020 Cost of a Data Breach” report sheds light on the growing financial costs of a breach, having increased by more than $2 million each over the past two years. The report also finds employees are the costly reason behind enterprise data breaches. READ FULL STORY

Scams & Phishing

Microsoft Warns of Growing Threat: New AiTM Phishing Techniques on the Rise

Microsoft recently issued a warning regarding the surge in adversary-in-the-middle (AiTM) phishing techniques, which have become increasingly prevalent in the phishing-as-a-service (PhaaS) cybercrime model. In a recent X post, the Microsoft Threat Intelligence team noted that this evolution in the PhaaS landscape enables cybercriminals to conduct large-scale phishing campaigns aimed at getting around multi-factor authentication (MFA) safeguards. These campaigns are particularly concerning because they can target a wide audience. READ FULL STORY

Corporate Security

Reducing Cyber Extortion Risk Rates To Your Business

In the business world today, securing data and systems starts with a commitment from company leaders. The recent boom in cyber extortion is lowering the survival odds for businesses of all types and sizes, especially those lacking sufficient cybersecurity. These extortion attacks hold a business captive to hacker demands, and if they aren’t met, the penalties inflicted can be enough to shut the business down. While cyber extortion continues to thrive, some suggestions can help those tasked with cybersecurity keep those threats at bay. READ FULL STORY

Scams & Phishing

Online Scams The New Top Cybercrime With 73% Of All Attacks

Move over former top cybercrimes, there’s a new winner according to Group-IB experts who specialize in high-tech cybercrimes. Group-IB recently announced that online scams are now the number one type of cybercrime in the world today, with some referring to this as a “scamdemic.” Researchers found that in total, fraud now makes up 73% of all online attacks. There’s a definite need for users to be aware of these scams, how they can work and how prevalent they are. READ FULL STORY

Email Address

Create a new Verification Phrase Enter any word or words you like.
The email newsletter will arrive from news@stickleyonsecurity.com Please wait...