Even as people are wrapping presents and decorating the tree, cyber criminals are planning how to exploit the festive season when cyber resilience is potentially lowered. There are some obvious easy targets for them; people are sending and receiving parcels at homes and businesses so emails purporting to be from a courier or Royal Mail don’t raise the red flags they might at other times of the year.
Gone Phishing for Christmas
Cyber criminals are masters of deception, so our advice is ‘Trust Nothing’ that comes in through email, even if you have software in place to detect fake emails or dodgy links. Emails are often the easiest way for criminals to get access to a business’s systems, data or credentials and you may not even know you have been hacked. Often, these emails ask you to log in to an account, inadvertently causing you to give criminals an unchallenged route in. Staff training and regular reminders to be careful and to check the sender’s email will go a long way to improve your security.
Criminals know that staff are taking holiday or working from home; systems may be less jealously guarded and mistakes happen. And your IT support may be reduced over the period too. Spear phishing is when a criminal has done their research and sends an email that purports to come from someone you know – these can be very convincing, particularly if you can’t contact them because they’re on a break. But if you have any doubt at all, double check first.
Invoices for End of Year
Similarly, fake invoices requesting urgent payment before Christmas are rife at the moment. Invoices that are for a new supplier can be checked with a simple phone call to the number of the business, obviously not using the number the scammer may helpfully provide on the fake invoice! Invoices that raise any questions at all should be checked – but your busy accounts team might just pay as they are trying to be helpful and clear the desks before the holiday.
The Gift of Passwords
It sounds unbelievable but thousands of people use the same password for everything, including their bank or their business access. Over Christmas, criminals have more time to work out how to steal your password, or how to hack in using passwords they have bought for pennies on the dark web. Password security is crucial especially at Christmas. Before you log off, change your main passwords and take a minute to enact two factor authentication where you can, to double-lock your accounts. Don’t give cyber criminals the gift of your password!
New Year, New Cyber Resilience
Finally, give yourself the best gift of all – free membership to South West Cyber Resilience Centre. We’re a Police-led not for profit, set up to protect South West organisations. There are many benefits to being a member; we will give you a free initial consultation on your current situation, we’ll send you monthly summaries of cyber threats, and we’ll signpost you to helpful, trusted resources to build your cyber security. Join now – this is one link that really is safe to click!
Comments