(Editor’s note: This is the fifth installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it. See previous installments here.)
With the holiday season upon us, I find myself, like many of you, spending nights on the couch wrapped in blankets, with my family in front of the fire watching classic holiday movies. I always seem to land on, “A Christmas Story.” One of my favorites scenes is when Ralphie is sitting at the kitchen table, and he begins to daydream about saving his family from that dreaded criminal Black Bart! The bad guys in their masks and black-and white- striped shirts begin to infiltrate the Parkers’ yard, from every angle. The family is hiding under the table and mom yells, “Save us Ralphie, I just knew those bad guys would be coming for us in the end!”
Much like Black Bart and his gang of robbers, during this time of year cybercriminals significantly ramp up their efforts. While a constant focus to protect your organization from cyber-risk is necessary, during the holidays it is especially important to stay attentive.
Every year the FBI and other law enforcement agencies issue warnings about rising attacks this time of year. There was a 30% reported increase last year in ransomware attacks during the holiday period. We also saw a 70% increase in attempted ransomware attacks. This is not a new trend. Every year we see a significant spike in cybercrime. As we know, cyber criminals are opportunistic. Why wouldn’t they want to take advantage of our employees during the time of year when they are the most distracted?
This is also a time that we find staff using corporate systems more often than normal for personal use. The fast-paced nature of the holidays, and folks rushing to get the latest deals or last-minute gifts online presents a tremendous amount of risk to your organization and opportunity for those cybercriminals. Especially now, during these inflationary times, the savings that discount codes offer may be very enticing. According to the 2022 Norton Cyber Safety Insights Report, one in three American adults admit to taking more risks when online shopping during holiday season compared to other times of the year.
Small-business owners must be more alert to cybercrime activity than ever. Accenture reported that 43% of online attacks target small- and medium-size business. With that, only 14% felt prepared to defend against cyberattacks. This is staggering news, since the National Cybersecurity Alliance states that about 60% of small businesses close within six months of a cyberattack.
By instituting basic cybersecurity measures and best practices, we can significantly reduce our risks from these holiday season cyberthreats.
First and foremost, employee awareness is crucial. Remind staff to keep security best practices in mind. Continuously reinforce the good habits of how to handle suspicious links, to never download attachments from unknown senders and to always stay clear of suspicious websites, calls and text messages. Denying cybercriminals their most-often-used attacks is a critical step in mitigating their success.
We clearly live in a time where passwords alone are not sufficient protection. If your business has not embraced and mandated Multi-Factor Authentication for all of your users, you must change that immediately. MFA significantly decreases your risk. As modern businesses, we must assume first that unknown activity is nefarious, never implicitly trust and always verify the legitimacy of requests and unusual activity.
These basic precautions, along with the best practices that we discuss here each month in Cyber Sessions can be the difference between a successful defense or a breach.
Much like Black Bart said as he was foiled and running away, “OK Ralphie, you win this time, but we’ll be back,” cybercriminals are on the constant attack.
Our preparedness, focus and ability to respond are what will allow us to be more resilient to these threats.
Next month: What to plan for in 2023.
(Jason Albuquerque is chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him through www.envisionsuccess.net.)
