Hackers love the holidays.
Everyone loves a long holiday weekend, especially hackers. While you and your team are busy preparing for holiday celebrations–wrapping up presents at home and projects at work–hackers are ramping up their efforts to hack into your network and steal a few presents of their own.
Why do they love long holiday weekends?
- Team members take time off: Hackers know there are fewer people on hand to alert to potential security problems. For example, John is out for three days and isn’t there to see that the names of files, that hold sensitive client information, have been changed. Becky from accounting isn’t around to notice the emails sent from her Outlook account that she didn’t create. 2.
- IT Security may have skeleton staffing: Hackers count on IT security team members taking time off too. They hope that the systems in place aren’t automated, alerting, or being monitored closely. If alerts do go off, there’ s a greater chance no one is paying attention. That way hackers have more time in your system to do their research, steal your data, and shut you down.
- The busyness of the season: Your team members are trying to finish projects or tasks so they can enjoy a much-deserved vacation. They may unwittingly miss a few steps to get a job done faster. For example, not verifying a fake email that looks like a legitimate request for an unexpected vender payment or being too busy to think twice about a second login screen that pops up and not even realizing they’ve just given up their email credentials.
- Increased pressure and urgency for leaders: Any attack is stressful, but hackers know that striking at the eleventh hour when everyone leaves for a holiday weekend creates even greater stress and urgency for leaders. They’re hoping business owners will make mistakes in the process and give into their demands.
Hackers are opportunists, they love any holiday, here are a few recent examples: JBS meat processor (Memorial Day weekend, 2021); Colonial Pipeline (Mother’s Day weekend, 2021); Kaseya, a major U.S. IT supplier (Fourth of July weekend, 2021).
Not surprisingly, the FBI issued warnings urging vigilance before the long Thanksgiving weekend this year. As we head toward the Christmas and New Year holidays, Network People is being hyper-vigilant too, are you?
You and your team’s vigilance can be the difference between a relaxing holiday spent at home with your loved ones or a stressful holiday and new year spent recovering from a security event. Our team has put together a list of things to remember as you prepare for the holidays around the office.
- Watch where you click: One wrong click can install malicious code onto a device. Don’t click on anything in an unsolicited email asking you to update, login, or verify account information.
- Take your time: Hackers often use a sense of urgency to get you to act without questioning. For example, “The department director needs this account information changed by noon.” Tell your team that urgency does not override the need to verify, no matter who is making the request. This actually works both ways. C-level executives are often targeted because hackers know you’re busy and your credentials can give them greater access to company data. An email from your finance director requesting sensitive banking or login information should always be verified too.
- Watch out for fake email scams (a.k.a., business email compromise): This can cause some of the greatest damage financially. Email phishing and texting scams are at an all-time high. The 2021 Verizon Data Breach Investigations Report (DBIT) that 36% of breaches involve some type of email phishing. It could be a fake email account disguised as a client, vendor, or even a bank. Read messages carefully. Watch for unusual requests, spelling errors, and fake email addresses. Train your team to verify all transactions by another form of communication other than email or text.
- Beware of gift card scams: A common scam is to impersonate a manager, owner, or C-level executive and request that gift cards for employees be purchased and sent to them. It’s easy to think you would never do this, but we know of well-trained employees who have fallen for this scam. Once again, the key here is to verify all transactions by another form of communication other than email or text.
- Look for red flags:
Is your device running slowly?
Does the cursor move on its own?
Did you log into your email account only to find that it was already open?
Have file names changed without you doing so?
Have login prompts appeared that you didn’t request?
- Install multi-factor Authentication: Use the Microsoft Authenticator or DUO apps. This can be done quickly and before the holidays. If someone does obtain your login information, you will still be protected because they don’t have your phone. Here’s a link to an article that explains how: How to Setup Two-Factor Authentication (2FA) for Microsoft 365 – Network People Inc
Since it’s the season for sharing, we encourage you to share these tips with others. Have a cyber-safe and happy holiday!