December 19, 2017 By Douglas Bonderud 3 min read

Hackers love the holidays. As noted by the San Antonio Express-News, consumer cyberattacks increased by 20 percent through November and December of last year when compared to the previous 10 months, while The Washington Times pointed out that cyberattack attempts spike on Cyber Monday.

When users are spending big and already under stress, they’re more likely to make mistakes that compromise account security. For enterprises, however, there’s an even bigger challenge on the horizon: Cybersecurity breaches that happen when employees take work home during their winter breaks. How can companies keep hacks out of the holidays?

The Holiday Security Conundrum

Some staff members choose to work over the break, while others are compelled to stay in touch. When they’re away from the office, employees need a secure way to access, transmit and store critical corporate data.

As noted by TechRepublic, 24 percent of users leverage free Wi-Fi hot spots to complete their work, while 28 percent email secure corporate documents to personal accounts. This combination tops any fraudster’s holiday list: Data transmitted over insecure public connections and then forwarded to free email services, which can be easily breached over public Wi-Fi networks or by creating dummy networks purely for the purpose of information gathering.

What’s more, 15 percent of staff members said they connect USB drives and memory cards to work computers and then share these cards with family members, increasing both the risk of accidental data exfiltration and incoming malicious code.

Given these common security lapses, it’s little wonder that cybersecurity breaches increase over the holidays. Employees who are paid to work but have no access to the office still need to get their work done — and they want to get it done as quickly as possible to spend more time with family.

While holiday habits and a lack of corporate network access contribute to increased data risk, more basic issues persist. As noted by TechRepublic, almost 30 percent of employees asked reported that “they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.” As a result, even employees aware of potential risks may be ill-equipped to limit the impact of cybersecurity breaches.

According to Forbes, meanwhile, recent data revealed that many companies are still using an “antiquated kit” to defend against advanced cyberattacks, making it easy for cybercriminals to bypass existing protections.

Prevent Cybersecurity Breaches With Pre-Holiday Training

Reining in holiday risk demands a two-pronged approach. First, enterprises must recognize the shared responsibility among security technology and staff members. Aging solutions and solid training face the same limitations as great technology and minimal employee engagement.

Solving the seasonal conundrum also demands upfront investment in cloud-enabled security solutions that can actively detect emerging threats and take effective countermeasures while simultaneously making time for employee training. Although training will vary by company, below are some basic guidelines to help reduce risk.

  • Have regular refreshers: Stale training isn’t useful. Since the goal is to improve holiday defense, schedule training at least once year and ensure that it occurs just prior to the holiday season so staff members are consciously aware of security risk.
  • Get practical: Vague descriptions of “hacks” and “data theft” won’t cut it. Give staff members concrete examples of phishing scams and application compromise, and then provide real-world training scenarios to see what they’ve learned.
  • Be clear: Better for staff to leave work at the office than to compromise security over the holidays. Make expectations for data handling and storage clear and lay out the consequences for noncompliance. While the goal here is an open and honest discussion about potential security problems, staff members must understand the bottom line.

Cybersecurity breaches can hamper holiday cheer. Give employees the gift of better tools and great training to rein in this risk.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today