via Security Intelligence
The holiday rush is upon us, and so is the risk of cyberattack. Threat actors often get to work during the holidays. IT staff is heading out for vacation, and everyone is in a hurry. This means we might skimp on security. Still, there are some holiday cybersecurity tips that will help make the season go smoothly.
End of Year and Christmas Cyberattacks
During the holidays, online activity ramps up a lot. Deloitte forecasts that e-commerce sales will grow by 11-15% year-over-year. This will likely result in e-commerce holiday sales reaching between $210 billion and $218 billion this season. And all that bustling around digital stores creates openings for threat actors.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) sent out an alert concerning ransomware awareness for holidays and weekends. Obviously, you can’t overhaul your entire cyber defense strategy before the end of the year. But some useful holiday cybersecurity tips can make a difference. First, let’s explore tactics you can implement now. Then, we’ll look at big picture perspectives to improve your long-term cybersecurity.
Holiday Cybersecurity Tips for Right Now
Here are actions you can execute right away to beef up your cybersecurity during the high-risk holiday season.
Tip 1: Be Extra Cautious With Email
Distraction is the cyber criminal’s best friend. It’s best you use work PCs only for work— no online shopping or personal email allowed. This applies to remote work as well. If employees toggle back and forth between work and gift buying, the risk of clicking on a malicious link increases. If a great shopping deal suddenly appears on their browser, they might click before thinking twice.
Credential phishing and ransomware attacks tend to rise during the holidays. Everyone should be extra careful about any email promoting special holiday offers and deals. These attacks are highly refined, with the look and feel of an authentic email from big-name brands.
Bogus emails with a malicious link or attachment could quickly unleash ransomware into your network. Phishing attacks can also be sent via SMS, instant messaging and social networks.
Alert your staff about these risks. Remind them to carefully scrutinize any email that contains links or asks you to download anything.
Tip 2: On-Call IT Security Staff
With IT staff on vacation, fewer eyeballs are on screens to keep track of issues. If you find your site down during the holiday break, do you have a backup plan in place?
At a minimum, who gets called in the event of an after-hours emergency? While this may not prevent an attack, it pays to have IT security staff on call in the event an incident occurs.
Tip 3: Threat Hunting
The FBI and CISA encourage businesses and agencies to engage in preemptive threat hunting. This involves searching for signs of malicious movement to stop attacks or reduce damage after a successful breach.
Threat actors can remain hidden in your network long before anyone detects them. Unseen for months, they can steal large amounts of data. After they take sensitive data, threat actors can then encrypt critical files to be later held for ransom.
In the near term, review your data logs and scan for suspicious activity. If possible, check for repeated failed file modifications, increased CPU/disk activity, inability to access files and abnormal network communications.
The CISA also says to watch out for the following when threat hunting:
- Unusual inbound and outbound network traffic
- Unauthorized escalation of account permissions
- Substantial increase in database read volume
- People logging in or accessing systems from outside their usual location
- User activity or attempted login during odd times.
Holiday Cybersecurity Tips for the Long Term
When you return from the holidays, these actions will improve your overall security by a lot. Don’t put it off until it’s too late.
Tip 4: Set Up Offline Data Backup
Ransomware attacks encrypt critical data files so you can’t access them. Even if you pay the ransom, there’s no guarantee the attackers will decrypt your files. It’s important to have an offline data backup of your most important files.
Resist the temptation to have your backup located somewhere else on your network. Many ransomware variants will seek and delete or encrypt accessible backups. Consider scheduling your backup update and testing to be completed before the holidays every year.
Tip 5: Update, Scan & Patch Software
When it comes to software and applications, it’s important to install the latest updates. Threat actors are always on the lookout for newly discovered vulnerabilities to exploit. If you have outdated (end-of-life) software, you could be exposed to weaknesses with no update.
It pays to develop an unpatched vulnerability plan, which begins with risk prioritization. Vulnerability assessment and scanning may reveal thousands of weak spots, but you can’t fix them all at once. Instead, you should focus on the ones near mission-critical systems and internet-facing servers. A centralized patch management system with risk-based assessment is critical to creating an effective and efficient patch strategy.
Finally, complete scheduled vulnerability testing to make sure your patches are working and to scan for new weak spots.
Tip 6: Implement Identity & Access Management
The who, what, where and when of user access to networks is the essence of identity and access management (IAM). At a minimum, IAM keeps track of logins and permissions, but there’s so much more to it. For example, how do you manage access for employees, customers and partners all at the same time? Plus, the level of access for each employee may vary depending on their jobs, which adds to the complexity.
With the help of artificial intelligence, IAM enables you to monitor and manage your entire user access ecosystem. Through context-based analytics, IT security teams have more precise control and insight into who’s logging in where, and when. This enables the rapid detection of anomalies without having to deploy cumbersome or strict access policies for every single user.
Tip 7: Secure Your Networks
Another threat mitigation tactic the CISA suggests is to secure your network(s). You can start with multilayered network segmentation. With this method, the most critical messages occupy the most secure and reliable layer.
You can also protect network traffic flow by filtering out malicious IP addresses. Likewise, you can prevent users from accessing malicious websites with URL block-lists and/or allow-lists. Finally, scan your network for open and listening ports and close any unneeded ports.
Threat Management Is Year-Round
Threat management isn’t just a holiday thing. Your organization needs to protect critical assets and manage full threat life cycles. An intelligent, integrated unified approach can help you detect advanced threats, respond quickly with precision and recover faster from disruption.
