‘Tis the season that we’re all more vulnerable to cyber attacks

It’s that glorious time of year; we’re spending time with loved ones, going to parties, exchanging gifts and probably taking some time off work.

And there’s always someone out there to spoil it.

For many people, December is a rush of activity; they are distracted by festivities and plans, and work tends to fall a couple of rungs down the priority ladder. These distractions provide the perfect cover for cybercriminals to make their move (you may have seen notices from various national cyber and crime departments – here’s one from the FBI in the US).

So, here is your timely reminder about staying on your toes, even when things get a little hectic. Truthfully, this isn’t just about December, it’s about anytime you might have your mind on something else.

Here’s an example. When we talk about Business Email Compromise scams, we always tell our clients that they should be particularly vigilant before time off, or even the weekend. If someone is planning to convince you to send them thousands or millions of pounds, they already know your schedule and that you’re likely to be so busy wrapping things up that you might just let something slip by. Other scams may include deliveries and parties that open the way for social engineering opportunities and emails offering amazing prizes that are just too good to be true.

This is no different for ransomware, which often comes via a phishing email. And while the office is working with a skeleton crew (i.e. while half the team is off on holiday), it’s the best time to strike. Hackers don’t really do annual leave.

Mitigating the risk

We recommend the usual mitigation activities, including:

• Ensuring you have an offline backup of your data (and certainly a process to do this regularly).
• Providing your staff with awareness training so they know what to be on the look out for.
• Patching your software and infrastructure! Put in place a patching process and then adhere to it.
• Putting in place a strong password policy and enable Multi-Factor Authentication and then make sure your staff stick to it.
• Testing your defences regularly; keep up-to-date with the ever changing threats from criminals who don’t take holidays.
• Reviewing your Identity and Access Management policy to make sure your workforce can only access what they need to as this gives cyber criminals fewer options if they do happen to breach your defences.

But when it comes to managing an attack or breach:

Have an Incident Response plan: Incident response isn’t perfect on a normal day, but imagine a day where the SOC has fewer staff than usual or the security team are short-staffed and thought everything might be ok for “just that one weekend”. To counter this, your Incident Response plan should have considerations for a skeleton crew—like during the holiday season and on weekends. It’s also very important to ensure you hire a diverse team, as this can generally alleviate staffing issues for a multitude of reasons and it broadens the capabilities of the team as they share ways of thinking and experiences.

Have an on-call process: What happens if disaster strikes and the back up staff have been relaxing by the pool with a margarita in hand? If you have team members on call, make sure the rules are clear.

The right technology: The human element of incident response is pretty important, but so are the tools. Ensuring that your organisation has the right tools in place (and that might be a managed service provider or your own internal SOC) and that those tools are configured correctly.

Don’t be complacent

Importantly—and we do say this a lot—don’t ‘set and forget’ any of the digital security measures you put in place. Cyber criminals don’t stop for the weekend or for the holidays and they are always looking for a way to get access to your networks and systems. If you would like to talk about setting up, testing or improving your defences, we would be happy to help. 

Contact us to talk about what you need.