Tis the season to be jolly, and with big retail events like Black Friday and Cyber Monday, the Christmas season is also becoming an increasingly online experience. This also means there are a host of seasonal hackers looking to take advantage of others’ goodwill over the coming months. As we start doing more and more shopping online, often letting our guards down in terms of cyber security, we could be opening ourselves up to whole host of new threats.  

However, it’s not just the Christmas shoppers who are susceptible to cyber threats at this time of year. Businesses can also experience new levels of security threats as employees begin to enter into the festive season. So what should we be looking out for during the upcoming holidays and beyond?

Festive spirit

During the Christmas period, festive spirits are running high and some employees’ judgement around data protection may be slightly more lax than usual. Companies can therefore be at higher risk of data breaches as employees start saving copyrighted material or downloading infected material onto their network. With administrators or IT security staff beginning to take holiday leave, security processes are likely to drop without those around responsible for enforcing it. 

Driving home for Christmas

During the Christmas holidays, businesses are more likely to suffer attacks as everyone prepares to vacate the office for a prolonged period. Often only a few administrators will be left behind to cope with a large work load, and systems must be in place to automatically monitor the network situation and alert administrators when things go wrong. During the holiday season it is essential that such tools support notifications not only through email system but also through mobile technologies such as SMS. This is crucial as people tend to check their emails much less during this time of the year due to busy social schedules.

Viruses and malware are more likely to be on the rise during the holiday period as hackers also have more free time. Therefore it’s important to ensure anti-virus software continues to run over the break, scanning the network and updating the system with the latest virus definition files.

Deck the halls

As companies shut down for the Christmas period, IT professionals also need to consider which non-essential services should be shut down as well. Wireless technology, for example, gives hackers direct access to the internal network infrastructure without having to physically break into the building itself and if left unattended can pose quite the security risk. It allows savvy hackers to break into the system, breaking weak passwords and gaining access to the operating environments.

Additionally any service or server which is not required during the Christmas shutdown should also be disabled. This will ensure that in the event of a cyber attack, hackers will have the minimum number of attack vectors available to them.

Secret Santa

If it’s vital that some particular computers or servers remain in operation over the Christmas holidays, businesses must ensure these have strong access controls and safeguards. Remember, hackers are also likely on holiday at the same time and have even more time on their hands to perform targeted attacks.

Attackers will presume that IT security will be more lax than usual as administrators also go on holiday, and may look to take advantage of this to run aggressive attacks which may not be detected or acted upon until after the next year – leaving plenty of time to cover their tracks and infiltrate sensitive systems. 

Beware the Grinch

Unfortunately it’s not only outside hackers you need to be wary of over the Christmas holidays. Insiders with bad intentions are also likely to take advantage of the quiet season, to try to access restricted information in the knowledge that they’re less likely to be caught stealing. Therefore, it is vital to ensure any important servers which have sensitive information are physically secure. Administrators should ensure server rooms are securely locked before leaving for holidays, and the same goes for network switches, wireless equipment and any other device which might provide an entry point to secure networks.

New Year Housekeeping

For businesses that can sit back over the long festive holiday, this could be an opportunity to take stock of identity and access strengths and weaknesses.  Most enterprises will have seen many staff changes over a year and for some Christmas may have been a seasonal peak for temporary workers.  Keeping track of these moves and changes within an organisation can be challenging when there are other priorities. An in-depth analysis of access rights and privileges done during the break (or any time) can reveal non-terminated accounts for ex-employees that could pose a risk.  Identifying these and agreeing to a regime of regular access risk assessment should help make 2016 a year when the damage from security threats are mitigated not multiplied.