December 19, 2017 By Douglas Bonderud 3 min read

Hackers love the holidays. As noted by the San Antonio Express-News, consumer cyberattacks increased by 20 percent through November and December of last year when compared to the previous 10 months, while The Washington Times pointed out that cyberattack attempts spike on Cyber Monday.

When users are spending big and already under stress, they’re more likely to make mistakes that compromise account security. For enterprises, however, there’s an even bigger challenge on the horizon: Cybersecurity breaches that happen when employees take work home during their winter breaks. How can companies keep hacks out of the holidays?

The Holiday Security Conundrum

Some staff members choose to work over the break, while others are compelled to stay in touch. When they’re away from the office, employees need a secure way to access, transmit and store critical corporate data.

As noted by TechRepublic, 24 percent of users leverage free Wi-Fi hot spots to complete their work, while 28 percent email secure corporate documents to personal accounts. This combination tops any fraudster’s holiday list: Data transmitted over insecure public connections and then forwarded to free email services, which can be easily breached over public Wi-Fi networks or by creating dummy networks purely for the purpose of information gathering.

What’s more, 15 percent of staff members said they connect USB drives and memory cards to work computers and then share these cards with family members, increasing both the risk of accidental data exfiltration and incoming malicious code.

Given these common security lapses, it’s little wonder that cybersecurity breaches increase over the holidays. Employees who are paid to work but have no access to the office still need to get their work done — and they want to get it done as quickly as possible to spend more time with family.

While holiday habits and a lack of corporate network access contribute to increased data risk, more basic issues persist. As noted by TechRepublic, almost 30 percent of employees asked reported that “they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.” As a result, even employees aware of potential risks may be ill-equipped to limit the impact of cybersecurity breaches.

According to Forbes, meanwhile, recent data revealed that many companies are still using an “antiquated kit” to defend against advanced cyberattacks, making it easy for cybercriminals to bypass existing protections.

Prevent Cybersecurity Breaches With Pre-Holiday Training

Reining in holiday risk demands a two-pronged approach. First, enterprises must recognize the shared responsibility among security technology and staff members. Aging solutions and solid training face the same limitations as great technology and minimal employee engagement.

Solving the seasonal conundrum also demands upfront investment in cloud-enabled security solutions that can actively detect emerging threats and take effective countermeasures while simultaneously making time for employee training. Although training will vary by company, below are some basic guidelines to help reduce risk.

  • Have regular refreshers: Stale training isn’t useful. Since the goal is to improve holiday defense, schedule training at least once year and ensure that it occurs just prior to the holiday season so staff members are consciously aware of security risk.
  • Get practical: Vague descriptions of “hacks” and “data theft” won’t cut it. Give staff members concrete examples of phishing scams and application compromise, and then provide real-world training scenarios to see what they’ve learned.
  • Be clear: Better for staff to leave work at the office than to compromise security over the holidays. Make expectations for data handling and storage clear and lay out the consequences for noncompliance. While the goal here is an open and honest discussion about potential security problems, staff members must understand the bottom line.

Cybersecurity breaches can hamper holiday cheer. Give employees the gift of better tools and great training to rein in this risk.

More from

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today