
As the Christmas holidays approach, your organisation may be starting to wind down, and workloads and hours may be reduced. Unfortunately, hackers take advantage of this time. It is therefore important for those working over the Christmas holidays to do what they can to remain vigilant to common cyber threats.

Our Ethical Hacking team have put together some top tips for remaining cyber-safe during the festive break:

Online scams, phishing and smishing attacks (phishing in texts) are constantly evolving to take advantage of what is happening in the real world. An example of this was the Covid-19 vaccine texts in 2021. The festive holidays are no different. These scams may come in the form of advertising for too-good-to-be-true deals, Royal Mail smishing scams, or offers of Christmas bonuses from unknown email addresses. It’s important that you know how to spot the tell-tale signs of these scams, and that staff, family, and friends are also informed.

If this is a particularly busy time for you, you may have employed temporary staff this festive season. We’re urging organisations to train staff on cyber security best practices, such as how to spot a phishing email, how to report suspicious emails, and the typical scams your organisation may see. When communicating how to report phishing emails or cyber incidents over this period, consider whether your IT department has reduced staff and how this will affect the process.

  • We recommend that staff report suspicious emails to your internal IT team or your Managed Service Provider, so that the malicious domain or IP address can be blocked, as well as reporting them to the National Cyber Security Centre’s Suspicious Email Reporting Service.

Two-Factor Authentication (2FA) is a standard security feature on many websites to secure accounts, providing an extra layer of protection. 2FA asks for a second step to confirm the identity of a user. There are multiple ways to provide this additional authorisation, such as sending a code to you through email or text, or using a trusted app to authorise a login attempt. It was reported that 2FA using text messages has protected accounts against 96% of mass phishing attacks and 76% of targeted phishing attacks, making 2FA an integral part of an organisation’s cyber security toolkit.

If your organisation is closing down entirely for the holidays, it’s a good idea to ensure you have a backup of all your business-critical data. Regularly backing up your organisation’s data is a recommended best practice, but if your organisation still needs to do so, there’s no better time to start. We recommend utilising the 3, 2, 1 method:

  • This simple approach is about keeping data safe in almost any failure scenario.
  • Three copies of your data should be kept.
  • Two copies should be stored on different storage media, such as one on a hard drive and another in the cloud.
  • One of the backups should be stored off-site.

If all these conditions are followed, it should be possible to restore all the data, as it is unlikely that all copies will fail, especially if they are stored across multiple media and locations.

When a cyber attack happens, things often move quickly and snap decisions must be made. Any hesitation or wrong choice, and there is a risk of irreparable harm to any organisation and its reputation.

One of the best ways an organisation can prepare for a cyber incident is by taking a proactive approach and implementing a formal cyber incident response plan.

In partnership with CyberScotland, the Scottish Business Resilience Centre (SBRC) has created a Cyber Incident Response Pack, which provides practical advice to businesses on handling a cyber-related incident. The easily digestible pack includes longer-length advisory pieces on reputation management and legal considerations, best suited for small and medium businesses or charities that don’t have in-house incident response teams. It also contains checklists and editable documents which centralise the important contacts businesses must speak with when experiencing a cyber incident. 

If any organisation is concerned they have been a victim of cybercrime, we offer a free Cyber Incident Response Helpline on 0800 1670 623 (Weekdays 9 am – 5 pm), which will remain open throughout the festive period. Or, if you are concerned about your organisation’s security in general, call our free helpline to confirm you have the right processes in place.