Light Dark
December 19, 2017 By Douglas Bonderud 3 min read

Hackers love the holidays. As noted by the San Antonio Express-News, consumer cyberattacks increased by 20 percent through November and December of last year when compared to the previous 10 months, while The Washington Times pointed out that cyberattack attempts spike on Cyber Monday.

When users are spending big and already under stress, they’re more likely to make mistakes that compromise account security. For enterprises, however, there’s an even bigger challenge on the horizon: Cybersecurity breaches that happen when employees take work home during their winter breaks. How can companies keep hacks out of the holidays?

The Holiday Security Conundrum

Some staff members choose to work over the break, while others are compelled to stay in touch. When they’re away from the office, employees need a secure way to access, transmit and store critical corporate data.

As noted by TechRepublic, 24 percent of users leverage free Wi-Fi hot spots to complete their work, while 28 percent email secure corporate documents to personal accounts. This combination tops any fraudster’s holiday list: Data transmitted over insecure public connections and then forwarded to free email services, which can be easily breached over public Wi-Fi networks or by creating dummy networks purely for the purpose of information gathering.

What’s more, 15 percent of staff members said they connect USB drives and memory cards to work computers and then share these cards with family members, increasing both the risk of accidental data exfiltration and incoming malicious code.

Given these common security lapses, it’s little wonder that cybersecurity breaches increase over the holidays. Employees who are paid to work but have no access to the office still need to get their work done — and they want to get it done as quickly as possible to spend more time with family.

While holiday habits and a lack of corporate network access contribute to increased data risk, more basic issues persist. As noted by TechRepublic, almost 30 percent of employees asked reported that “they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.” As a result, even employees aware of potential risks may be ill-equipped to limit the impact of cybersecurity breaches.

According to Forbes, meanwhile, recent data revealed that many companies are still using an “antiquated kit” to defend against advanced cyberattacks, making it easy for cybercriminals to bypass existing protections.

Prevent Cybersecurity Breaches With Pre-Holiday Training

Reining in holiday risk demands a two-pronged approach. First, enterprises must recognize the shared responsibility among security technology and staff members. Aging solutions and solid training face the same limitations as great technology and minimal employee engagement.

Solving the seasonal conundrum also demands upfront investment in cloud-enabled security solutions that can actively detect emerging threats and take effective countermeasures while simultaneously making time for employee training. Although training will vary by company, below are some basic guidelines to help reduce risk.

  • Have regular refreshers: Stale training isn’t useful. Since the goal is to improve holiday defense, schedule training at least once year and ensure that it occurs just prior to the holiday season so staff members are consciously aware of security risk.
  • Get practical: Vague descriptions of “hacks” and “data theft” won’t cut it. Give staff members concrete examples of phishing scams and application compromise, and then provide real-world training scenarios to see what they’ve learned.
  • Be clear: Better for staff to leave work at the office than to compromise security over the holidays. Make expectations for data handling and storage clear and lay out the consequences for noncompliance. While the goal here is an open and honest discussion about potential security problems, staff members must understand the bottom line.

Cybersecurity breaches can hamper holiday cheer. Give employees the gift of better tools and great training to rein in this risk.

 |  |  |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

December 19, 2024

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

December 19, 2024

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature