December 19, 2017 By Douglas Bonderud 3 min read

Hackers love the holidays. As noted by the San Antonio Express-News, consumer cyberattacks increased by 20 percent through November and December of last year when compared to the previous 10 months, while The Washington Times pointed out that cyberattack attempts spike on Cyber Monday.

When users are spending big and already under stress, they’re more likely to make mistakes that compromise account security. For enterprises, however, there’s an even bigger challenge on the horizon: Cybersecurity breaches that happen when employees take work home during their winter breaks. How can companies keep hacks out of the holidays?

The Holiday Security Conundrum

Some staff members choose to work over the break, while others are compelled to stay in touch. When they’re away from the office, employees need a secure way to access, transmit and store critical corporate data.

As noted by TechRepublic, 24 percent of users leverage free Wi-Fi hot spots to complete their work, while 28 percent email secure corporate documents to personal accounts. This combination tops any fraudster’s holiday list: Data transmitted over insecure public connections and then forwarded to free email services, which can be easily breached over public Wi-Fi networks or by creating dummy networks purely for the purpose of information gathering.

What’s more, 15 percent of staff members said they connect USB drives and memory cards to work computers and then share these cards with family members, increasing both the risk of accidental data exfiltration and incoming malicious code.

Given these common security lapses, it’s little wonder that cybersecurity breaches increase over the holidays. Employees who are paid to work but have no access to the office still need to get their work done — and they want to get it done as quickly as possible to spend more time with family.

While holiday habits and a lack of corporate network access contribute to increased data risk, more basic issues persist. As noted by TechRepublic, almost 30 percent of employees asked reported that “they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.” As a result, even employees aware of potential risks may be ill-equipped to limit the impact of cybersecurity breaches.

According to Forbes, meanwhile, recent data revealed that many companies are still using an “antiquated kit” to defend against advanced cyberattacks, making it easy for cybercriminals to bypass existing protections.

Prevent Cybersecurity Breaches With Pre-Holiday Training

Reining in holiday risk demands a two-pronged approach. First, enterprises must recognize the shared responsibility among security technology and staff members. Aging solutions and solid training face the same limitations as great technology and minimal employee engagement.

Solving the seasonal conundrum also demands upfront investment in cloud-enabled security solutions that can actively detect emerging threats and take effective countermeasures while simultaneously making time for employee training. Although training will vary by company, below are some basic guidelines to help reduce risk.

  • Have regular refreshers: Stale training isn’t useful. Since the goal is to improve holiday defense, schedule training at least once year and ensure that it occurs just prior to the holiday season so staff members are consciously aware of security risk.
  • Get practical: Vague descriptions of “hacks” and “data theft” won’t cut it. Give staff members concrete examples of phishing scams and application compromise, and then provide real-world training scenarios to see what they’ve learned.
  • Be clear: Better for staff to leave work at the office than to compromise security over the holidays. Make expectations for data handling and storage clear and lay out the consequences for noncompliance. While the goal here is an open and honest discussion about potential security problems, staff members must understand the bottom line.

Cybersecurity breaches can hamper holiday cheer. Give employees the gift of better tools and great training to rein in this risk.

More from

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

How generative AI Is expanding the insider threat attack surface

3 min read - As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools…

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today