{"id":7808,"date":"2021-11-23T13:43:19","date_gmt":"2021-11-23T13:43:19","guid":{"rendered":"https:\/\/cybersmart.com\/?p=7808"},"modified":"2021-11-23T13:43:19","modified_gmt":"2021-11-23T13:43:19","slug":"5-ways-to-protect-your-business-from-cyber-threats-this-holiday-season","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/5-ways-to-protect-your-business-from-cyber-threats-this-holiday-season\/","title":{"rendered":"5 ways to protect your business from cyber threats this holiday season"},"content":{"rendered":"

Black Friday, Cyber Monday, the January and Boxing Day sales. The busiest retail period of the year is almost upon us. But while the holiday season often brings with it bumper sales figures for retailers and bargains for consumers, it also comes with a heightened risk of cyber threats.\u00a0<\/span><\/p>\n

For example, November 2020 saw an <\/span>80% increase<\/span><\/a> in the number of common email phishing scams reported. Meanwhile, the UK\u2019s National Cybersecurity Centre (NCSC) has been gearing up for the period by<\/span> releasing updated guidance<\/span><\/a> for consumers on how to shop online safely.\u00a0<\/span><\/p>\n

However, what\u2019s often less widely discussed is the impact this can have on small businesses. Even if your business has nothing to do with retail, you\u2019re still at risk. Here\u2019s why and what to do about it.\u00a0<\/span><\/p>\n

What risks does the holiday season bring?\u00a0<\/b><\/h3>\n

Before we look at the risks themselves, it\u2019s important to note that the festive season doesn\u2019t necessarily mean more <\/span>targeted <\/span><\/i>attacks on SMEs themselves.\u00a0<\/span><\/p>\n

However, who among us hasn\u2019t done the odd bit of lunchtime shopping on company devices or personal devices used for work? And it\u2019s this clandestine bargain hunting that poses the problem. It gives cybercriminals a route into your business.\u00a0<\/span><\/p>\n

Phishing scams<\/b>
\n<\/b><\/h4>\n

Phishing scams<\/span><\/a> are a year-round problem. But during major retail events like Black Friday, the chances of a successful attack grow exponentially. With so many of us frantically shopping around for the best deals, our ability to spot the telltale signs of a scam often diminishes as quickly as our bank balances.\u00a0<\/span><\/p>\n

It\u2019s a simple but potentially disastrous equation. If you\u2019re in a bit of a rush, you\u2019re not in the best frame of mind for considered judgements. And, if you\u2019re already shopping, a fake email claiming to relate to what you\u2019re doing online might not set off the alarm bells it normally would.\u00a0<\/span><\/p>\n

Fake online retailers\u00a0<\/b><\/h4>\n

Black Friday often comes with a deluge of fake websites claiming to sell this year\u2019s must-have products at bargain prices. Unfortunately, most of these are simply fronts for cybercriminals to acquire consumers\u2019 data or launch attacks. Like phishing scams, these can be hard to spot in the hurly-burly of major retail events, making a successful attack much more likely.\u00a0<\/span><\/p>\n

Outdated software\u00a0<\/b><\/h4>\n

Again, this is a problem 365 days of the year. But the festive season provides the perfect cover for hackers to test out the vulnerabilities of popular software.\u00a0<\/span><\/p>\n

Firstly, because technical teams\u2019 attention tends to be focused on ensuring apps can handle the sudden surge in demand rather than security. Secondly, because many consumers will suddenly be using apps they haven\u2019t used or updated in months, often on devices with access to your business data.\u00a0<\/span><\/p>\n

Public and home networks<\/b><\/h4>\n

You probably have decent network protection in your physical workplace, but do your staff working from home? And does the cafe around the corner with the free WiFi that everyone uses?<\/span>
\n<\/span>
\n<\/span>Unsecure public and home networks don\u2019t stop being a problem for the rest of the year, but during busy retail periods, when people are much more likely to shop online, the risk is heightened. It gives cybercriminals an unbelievably simple way to hack into any unsecured devices on the network. Once in, they\u2019ll be able to get to any company assets accessible from that device.\u00a0<\/span><\/p>\n

Weak passwords\u00a0<\/b><\/h4>\n

You\u2019ll hear us talking about <\/span>the importance of strong passwords<\/span><\/a> a lot. It\u2019s the simplest thing you can change to improve your cybersecurity. However, passwords become doubly important in busy retail periods due to the amount of traffic on popular sites. It\u2019s the perfect setting for cybercriminals to try out large-scale brute-force attacks and find out whose passwords aren\u2019t strong enough.\u00a0<\/span><\/p>\n

What can you do to protect your business?\u00a0<\/b><\/h3>\n

1. Educate your team about the risks<\/strong><\/h4>\n

A huge proportion of successful cyber attacks stem from human error (<\/span>95% according to some<\/span><\/a>) so helping your team understand the risks is crucial to avoiding them. <\/span>
\n<\/span>
\n<\/span>You should approach this in two ways: immediate education and long-term training. In the short term, educate your people on the risks outlined in this piece. It doesn\u2019t have to be more than a short email sent out before the festive season really kicks off. <\/span>
\n<\/span>
\n<\/span>However, a quick nudge to your staff to be mindful of the risks is no substitute for long-term behavioural change. For this, you need security training. How you approach this will largely depend on your business and the cybersecurity knowledge within it but, to get you started, we\u2019ve put together <\/span>a short blog on the subject.<\/span><\/a>\u00a0<\/span><\/p>\n

2. Patch your software<\/b><\/h4>\n

The <\/span>importance of updating your software<\/span><\/a> can\u2019t be overstated. Without regular updates, you leave plenty of little holes in your software for cybercriminals to exploit. So, ensure everyone in your business is constantly installing updates and patches for the software on their devices \u2013 even if it\u2019s an app or tool they rarely use.\u00a0<\/span><\/p>\n

It\u2019s a simple thing and won\u2019t take you more than a few minutes each month. But, it can also work wonders for improving your cybersecurity.\u00a0<\/span><\/p>\n

3. Provide staff with clear cybersecurity policies\u00a0<\/b><\/h4>\n

We say this a lot but it never gets any less true. If your people don\u2019t know what security behaviours are expected of them at work, they\u2019ll keep getting it wrong. <\/span>
\n<\/span>
\n<\/span>Clear, well-crafted company policies on cybersecurity and data protection can go a long way to removing confusion around the subject. And, most importantly, help diminish the risk of a successful attack.\u00a0<\/span><\/p>\n

A good cybersecurity policy should outline what employees should or shouldn\u2019t do, offer directions on best practices, and guidance for decision making. For more on how to build one, <\/span>read this<\/span><\/a>.<\/span><\/p>\n

4. Practice good password hygiene\u00a0<\/b><\/h4>\n

Like patching, this is a simple fix that can immediately improve your cybersecurity. So what does good password hygiene look like? Well, we recommend four steps:<\/span><\/p>\n