“It’s the most vulnerable time of the year.” Ok, so that’s not exactly what Andy Williams sang on his famous festive song, but it is nevertheless true: cyber criminals don’t take a holiday, so your chances of being a victim of a cyber attack can increase over Christmas and New Year.
Christmas holidays are a prime time for criminals to take advantage of. At this time of year, organisations will start to close and will be running with a heavily reduced staff count which can make organisations vulnerable.
For example, on the Christmas Eve of 2020, the Scottish Environment Protection Agency’s digital systems were held under attack. It knocked several of their key systems offline causing major disruption to their staff and made it difficult for them to do their work.
So ask yourself some business critical questions before you down tools this Christmas, and have a look at our handy checklist before the Big Man arrives.
Does your current security strategy include a plan for cyber attacks during the holidays?
The benefits of having a business continuity plan are undeniable. When disaster strikes, getting business operations back up and running quickly is crucial. No business is immune to potential threats, no matter how big or small your organisation is.
Make sure you have taken all the necessary steps to secure your IT unfractured ahead of time. From protecting your website, safeguarding your customer details to training your staff it’s time to take a closer look at your organisation’s cyber security.
Take the time now to review your business continuity plan and know where you can seek advice and support should you need it.
Developing a plan
A Cyber Incident Response Plan is a set of instructions that are designed to help you prepare, detect, respond and recover from cyber incidents. Having a plan will outline the recovery process, so that everyone knows what is required of them during an incident. Each department in your organisation should understand the incident response procedure.
Regular back-ups
Ransomware has been a growing cyber security threat, and one which could affect any organisation that does not have appropriate defences.
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.
You should perform a regular back-up of your systems and data, which will enable quick restoration of business functions. Importantly, having offline versions of your backups is your best defence, as you can wipe any encrypted devices and restore from your offline back up.
Read the NCSC’s blog on offline backups for more advice and how to defend your organisation from potential malware and ransomware attacks.
Keep all software up to date
All sorts of electronic devices can hold personal or financial data so it’s important to make sure you secure these devices with strong passwords and update the software regularly.
Companies fix any weaknesses by releasing updates. You should always make sure to install the latest software updates to protect your devices from vulnerabilities. Take some time to review your security settings on all your devices and make sure you’re protected against the latest threats.
Small Business Guide
The NCSC’s Small Business Guide and Small Charity Guide includes simple steps you can take to protect yourself and your business from cyber security risks. Doing these steps will significantly increase your protection from the most common types of cyber crime.
By proactively addressing the cyber security in your organisation, you can enjoy the holidays knowing you have minimized any potential risks.
Who to contact for support
Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.
They provide a central point of contact for information about fraud and financially motivated internet crime.
The service is run by the City of London Police working alongside the National Fraud Intelligence Bureau (NFIB) who are responsible for assessment of the reports and to ensure that your reports reach the right place. The City of London Police is the national policing lead for economic crime.
You can talk to their fraud and cybercrime specialists by calling 0300 123 2040.
We're here too
We'll be active and available in those days in-between Christmas and New Year (Twixmas anyone?) so don't hesitate to contact us if you need guidance.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).