Five Tips to Put the Bah Humbug in Their Holiday Capers

Since the outbreak of the coronavirus pandemic in 2020, many organizations have struggled to stay a step ahead of attackers who are taking advantage of remote workforces and rapidly adopted technologies—many of which don’t have the same cyber protections and training we might have once expected in an onsite business world. 

As such, your organization may now be more vulnerable than ever. And, this holiday season, as your workers get distracted thinking about the holidays and sometimes slower-than-average workflows at year-end, they very well put their guards down, further opening doors for threat actors to take advantage of your security weaknesses. 

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn that “highly impactful” ransomware attacks often increase during the holidays and weekends when offices are normally closed. Just because your employees might be looking forward to taking time off this holiday season doesn’t mean attackers will do the same. 

A new report from Cybereason echoes FBI and CISA concerns saying that holiday and weekend ransomware attacks often catch organizations off guard. As a result, they experience  

larger revenue losses and longer recovery times.  

In the report, some 34% of respondents said that when hit by a ransomware attack during the holidays or on the weekend, it takes longer than normal to get incident response teams into play and the same amount of respondents said it also takes them longer to assess attack scope and it resulted in longer than normal recovery times.  

That’s not surprising when the report also notes that in the U.S. 50% of respondents indicated they typically staff at 50% or less during these times. These attacks generally cause a loss of revenue and negatively impact employee lives, especially those who must take time away from family and friends during the holidays and on weekends to respond to and recover from ransomware attacks. 

So, what can you do to bah humbug attackers and their ransomware gifts? Here are five ideas: 

  1. Tie up your systems and software with a big bow of patching and updates to decrease the chance of vulnerability and misconfiguration exploitation. 
  2. Remind your employees that unknown attachments are never gifts and they should be tossed right into the trash bin untouched, right after they ring the bell to alert your security teams. 
  3. Educate your teams about those naughty little elves who like to pretend they’re someone else in an attempt to steal credentials so they can run amuck undetected in your workshops wreaking havoc that’s no fun to clean up. 
  4. Wrap up all your data and systems neatly and securely to ensure no prying eyes can improperly access, use, change, delete, or exfiltrate your sensitive and proprietary data. 
  5. Stay alert. It’s easy to doze off during the relaxed holiday season, but never let your guard down. Most people trying to slide down the chimney into your networks aren’t as well-intentioned as Old Saint Nick. Make sure your employees are routinely trained to spot potential ransomware attacks

Follow along in our 12 Days of Cybersecurity on our LinkedIn. Learn more about how Apptega can simplify day-to-day cybersecurity and compliance management and schedule a custom tour of the Apptega platform.