{"id":7808,"date":"2021-11-23T13:43:19","date_gmt":"2021-11-23T13:43:19","guid":{"rendered":"https:\/\/cybersmart.com\/?p=7808"},"modified":"2021-11-23T13:43:19","modified_gmt":"2021-11-23T13:43:19","slug":"5-ways-to-protect-your-business-from-cyber-threats-this-holiday-season","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/5-ways-to-protect-your-business-from-cyber-threats-this-holiday-season\/","title":{"rendered":"5 ways to protect your business from cyber threats this holiday season"},"content":{"rendered":"
Black Friday, Cyber Monday, the January and Boxing Day sales. The busiest retail period of the year is almost upon us. But while the holiday season often brings with it bumper sales figures for retailers and bargains for consumers, it also comes with a heightened risk of cyber threats.\u00a0<\/span><\/p>\n For example, November 2020 saw an <\/span>80% increase<\/span><\/a> in the number of common email phishing scams reported. Meanwhile, the UK\u2019s National Cybersecurity Centre (NCSC) has been gearing up for the period by<\/span> releasing updated guidance<\/span><\/a> for consumers on how to shop online safely.\u00a0<\/span><\/p>\n However, what\u2019s often less widely discussed is the impact this can have on small businesses. Even if your business has nothing to do with retail, you\u2019re still at risk. Here\u2019s why and what to do about it.\u00a0<\/span><\/p>\n Before we look at the risks themselves, it\u2019s important to note that the festive season doesn\u2019t necessarily mean more <\/span>targeted <\/span><\/i>attacks on SMEs themselves.\u00a0<\/span><\/p>\n However, who among us hasn\u2019t done the odd bit of lunchtime shopping on company devices or personal devices used for work? And it\u2019s this clandestine bargain hunting that poses the problem. It gives cybercriminals a route into your business.\u00a0<\/span><\/p>\n Phishing scams<\/span><\/a> are a year-round problem. But during major retail events like Black Friday, the chances of a successful attack grow exponentially. With so many of us frantically shopping around for the best deals, our ability to spot the telltale signs of a scam often diminishes as quickly as our bank balances.\u00a0<\/span><\/p>\n It\u2019s a simple but potentially disastrous equation. If you\u2019re in a bit of a rush, you\u2019re not in the best frame of mind for considered judgements. And, if you\u2019re already shopping, a fake email claiming to relate to what you\u2019re doing online might not set off the alarm bells it normally would.\u00a0<\/span><\/p>\n Black Friday often comes with a deluge of fake websites claiming to sell this year\u2019s must-have products at bargain prices. Unfortunately, most of these are simply fronts for cybercriminals to acquire consumers\u2019 data or launch attacks. Like phishing scams, these can be hard to spot in the hurly-burly of major retail events, making a successful attack much more likely.\u00a0<\/span><\/p>\n Again, this is a problem 365 days of the year. But the festive season provides the perfect cover for hackers to test out the vulnerabilities of popular software.\u00a0<\/span><\/p>\n Firstly, because technical teams\u2019 attention tends to be focused on ensuring apps can handle the sudden surge in demand rather than security. Secondly, because many consumers will suddenly be using apps they haven\u2019t used or updated in months, often on devices with access to your business data.\u00a0<\/span><\/p>\n You probably have decent network protection in your physical workplace, but do your staff working from home? And does the cafe around the corner with the free WiFi that everyone uses?<\/span> You\u2019ll hear us talking about <\/span>the importance of strong passwords<\/span><\/a> a lot. It\u2019s the simplest thing you can change to improve your cybersecurity. However, passwords become doubly important in busy retail periods due to the amount of traffic on popular sites. It\u2019s the perfect setting for cybercriminals to try out large-scale brute-force attacks and find out whose passwords aren\u2019t strong enough.\u00a0<\/span><\/p>\n A huge proportion of successful cyber attacks stem from human error (<\/span>95% according to some<\/span><\/a>) so helping your team understand the risks is crucial to avoiding them. <\/span> The <\/span>importance of updating your software<\/span><\/a> can\u2019t be overstated. Without regular updates, you leave plenty of little holes in your software for cybercriminals to exploit. So, ensure everyone in your business is constantly installing updates and patches for the software on their devices \u2013 even if it\u2019s an app or tool they rarely use.\u00a0<\/span><\/p>\n It\u2019s a simple thing and won\u2019t take you more than a few minutes each month. But, it can also work wonders for improving your cybersecurity.\u00a0<\/span><\/p>\n We say this a lot but it never gets any less true. If your people don\u2019t know what security behaviours are expected of them at work, they\u2019ll keep getting it wrong. <\/span> A good cybersecurity policy should outline what employees should or shouldn\u2019t do, offer directions on best practices, and guidance for decision making. For more on how to build one, <\/span>read this<\/span><\/a>.<\/span><\/p>\n Like patching, this is a simple fix that can immediately improve your cybersecurity. So what does good password hygiene look like? Well, we recommend four steps:<\/span><\/p>\n And, once you\u2019ve undertaken these four steps, roll it out to your business. Create a password policy and make sure everyone follows it.<\/span><\/p>\n Last, use a <\/span>Virtual Private Network (VPN)<\/span><\/a> for all remote work, even those trips to the local coffee shop. If your employees are using public networks or their home router it\u2019s likely to be far less secure than your office network. According to a report from BitSight, home office networks are <\/span>3.5 times more likely<\/span><\/a> than corporate networks to be infected by malware.<\/span><\/p>\n A VPN can help you counter this by creating a secure connection to business systems and data, from wherever your staff choose to work.\u00a0<\/span><\/p>\n Want to know more about how to switch to hybrid or remote working safely? Download our guide, Cyber Safety in a New Era of Work <\/span>here<\/span><\/a>.<\/span><\/p>\nWhat risks does the holiday season bring?\u00a0<\/b><\/h3>\n
Phishing scams<\/b>
\n<\/b><\/h4>\nFake online retailers\u00a0<\/b><\/h4>\n
Outdated software\u00a0<\/b><\/h4>\n
Public and home networks<\/b><\/h4>\n
\n<\/span>
\n<\/span>Unsecure public and home networks don\u2019t stop being a problem for the rest of the year, but during busy retail periods, when people are much more likely to shop online, the risk is heightened. It gives cybercriminals an unbelievably simple way to hack into any unsecured devices on the network. Once in, they\u2019ll be able to get to any company assets accessible from that device.\u00a0<\/span><\/p>\nWeak passwords\u00a0<\/b><\/h4>\n
What can you do to protect your business?\u00a0<\/b><\/h3>\n
1. Educate your team about the risks<\/strong><\/h4>\n
\n<\/span>
\n<\/span>You should approach this in two ways: immediate education and long-term training. In the short term, educate your people on the risks outlined in this piece. It doesn\u2019t have to be more than a short email sent out before the festive season really kicks off. <\/span>
\n<\/span>
\n<\/span>However, a quick nudge to your staff to be mindful of the risks is no substitute for long-term behavioural change. For this, you need security training. How you approach this will largely depend on your business and the cybersecurity knowledge within it but, to get you started, we\u2019ve put together <\/span>a short blog on the subject.<\/span><\/a>\u00a0<\/span><\/p>\n2. Patch your software<\/b><\/h4>\n
3. Provide staff with clear cybersecurity policies\u00a0<\/b><\/h4>\n
\n<\/span>
\n<\/span>Clear, well-crafted company policies on cybersecurity and data protection can go a long way to removing confusion around the subject. And, most importantly, help diminish the risk of a successful attack.\u00a0<\/span><\/p>\n4. Practice good password hygiene\u00a0<\/b><\/h4>\n
\n
5. Use a VPN\u00a0<\/b><\/h4>\n