We all expect the Christmas / New Year season to be a time of celebration, peace and goodwill to all, right? But cyber attackers didn’t get the memo. They are more likely to attack businesses with phishing attempts during the holidays. Prevent issues by knowing what to expect.
Cybercrime research shows that during the Christmas / New Year period, attacks rise substantially. According to research by Barracuda, phishing attacks “spiked to more than 150% above average” the week before Christmas.
But why do hackers target businesses during the holidays? It is because they know that employees are not paying the same diligent attention as they normally do and are more likely to click on a malicious link or fill out a form seeking sensitive information. In other cases, businesses are overwhelmed and are trying to get everything done before the holidays. Emails and phone calls are flying around and the bad guys bank on people overlooking details.
Phishing is an attempt to trick a person into clicking on a malicious link or giving out personal information such as bank accounts, passwords and credit card numbers.
Phishing uses social engineering to expose weaknesses in a business's security and leverage potential vulnerabilities. The hacker, usually via email, tricks someone into responding to a fake request from a supplier, bank, client or colleague. They are hoping to get a nibble from unsuspecting employees who don’t think to:
- be wary of redirects to fake sites made to look legitimate;
- question why a work colleague is asking for something that is out of the ordinary;
- check the spelling of the URLs or the email sender;
- contact the sender (via the phone) of a suspicious email for confirmation before actioning.
During the holiday season, everything can feel urgent, and employees are more likely to fall for phishing emails. An otherwise alert employee could fall for something dumb because they are distracted or too busy.
You need to regularly talk with employees about the dangers of phishing and reiterate policies around payment, wire transfer, data sharing and the sending of confidential data.
Other preventative measures include:
- Test your infrastructure to identify any weak points.
- Make sure all computers have the latest security updates installed.
- Set up automated filters to check the safety of links in inbound emails before they get to the user.
- Establish geolocation policies to restrict website access and emails from certain regions.
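To show what checking the spelling of the sender and URLs looks like when an inbound filter does it automatically, here is an added example (not code from the original article or any particular product). The trusted domains and the sample message are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains your business really deals with (constructed values).
TRUSTED = {"acme.example", "acmebank.example"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it looks fine."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return None  # exact match or genuine subdomain
    for t in sorted(TRUSTED):
        # Misspelling (1-2 edits) or a trusted name embedded in another domain.
        if edit_distance(domain, t) <= 2 or t in domain:
            return t
    return None

def scan(raw):
    """Check the From domain and every link host in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if (hit := lookalike_of(sender)):
        findings.append(f"sender domain {sender} resembles {hit}")
    # Plain-text parts only; decoding base64 or HTML parts is left out here.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if (hit := lookalike_of(host)):
            findings.append(f"link host {host} resembles {hit}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: Accounts <billing@acrne.example>
To: staff@acme.example
Subject: Urgent invoice before the holidays

Please confirm payment at https://acme.example.pay-portal.test/invoice today.
Our usual site is https://www.acme.example/ if you need it.
"""
```

Running `scan(SAMPLE)` flags the misspelled sender ("rn" in place of "m") and the link that buries the trusted name inside a different domain, while the genuine `www.acme.example` link passes.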
Finally, if you recruit temporary staff to handle the holiday rush, be sure to limit their access. Also, remember to immediately revoke their system and network access once they leave.
If your business is too busy now to focus on phishing prevention, we can help. Contact our IT experts today and we can set up training and implement email management and filtering tools to secure your business.