Today I’d like to share with you a non-exhaustive list of things for large or medium size companies to take care of the protection of your business during the holidays. These tips however, are valid also when you are back and working.

1. Incoming threat: during holidays people may enter your building claiming they are visiting a member of staff working there. While inside they could easily connect a device to your network creating a way to receive your data by penetrating it. The fact that everyone’s minds are on the holidays and the company is closing for this period of time makes it less possible for the added device to be detected. Especially if the criminal has time to find a spot, which is not in a common area or in the sight of the network security personnel, the device can stay there for months, undetected.

2. Receiving a gift: corporate promotional gifts are common during holidays so getting a gift does not raise any red flags for the receiver. Criminals however are very resourceful when they want to get inside a business. Especially in the case of a big corporation they prefer close proximity to cancel/neutralize your advantage of high-end security. Hidden cameras, bugs or undetected malware memory sticks are the trend and one of the easiest ways for corporate espionage. The receiver is excited and places it into their office thus giving a criminal access to their vulnerabilities.

3. A malware coupon: almost everyone uses coupons to get lower prices on the items they are interested in. If the cyber-criminals know your shopping preferences (and they are easier to find than you think) they can easily craft a malware coupon for your favorite brand and deliver it to your email tricking you into entering a phishing website. From that point on you are looking at threats from credit card theft to an undetected malware in your business network. I am sorry for breaking the news, but awareness is the first step in protection. Yes, your antiviruses and anti-malware cannot protect you from all attacks so, it depends on you to not be misled by cyber-criminals.

Want a little help?

4. Virtual masqueraded wishes: The best way to get into a business network is taking advantage of the personnel and it takes just one person to fall into the trap. I said it many times that your providers or collaborators can be your weak link and cyber-criminals often use them as a Trojan horse against you. So, compromising one of your collaborators or providers can lead to a crafted virtual wish email or message that can hide a malware inside and becomes the means to compromise your network. Wishes from someone you know (and cyber criminals can mimic that) puts your guard down even in the best cases.

5. Your blind spots: your alarm systems are set on and off based on your normal operating schedule. However, during the holidays one of the most common mistakes I notice businesses make is forgetting to change the time creating a window of opportunity for a criminal to enter and damage your business. Remember, today’s attacks are hybrid meaning they combine physical and virtual attacks. Thus, a criminal will evaluate the situation and if it is easier for them to get your valuable data by entering the building in comparison to trying to bypass your network, they will do it.

Obviously, such attacks take place not only during holidays, but cyber-criminals prefer special occasions because:

• Employees’ guards are down or significantly lower,
• Security measures may have an opening because of the change in the normal routine, and
• They can take advantage of the psychological stage of employees by altering theme concepts. By content theme I am referring to holidays, a known software etc.

So I am now turning it over to you. If you found these tips useful please share it with others. I would also like to hear your thoughts:

What measures can you take during holidays in order to minimize your possibilities of getting hacked during the process?

I cannot wait to hear your comments so, leave them below and let’s continue the conversation. 

Apply what you learn immediately. Download “Master your protection” free quick start guide.