Published: December 17, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
According to the FBI and CISA (Cybersecurity & Infrastructure Security Agency), this holiday season is the time for vigilance and high alert for public and private organizations. Based on their observations from previous years, ransomware and other cyberattacks are rampant during this time. Other holidays are also in the crosshairs of malicious actors including Memorial Day and July Fourth weekends, and yes, even Mother’s Day isn’t safe. Left up to cybercriminals, their goal during this holiday time is to make sure this “season of giving” is great for them but not so much for their victims.
According to their post on the official CISA website “Specifically, malicious cyber actors have often taken advantage of holidays and weekends to disrupt critical networks and systems belonging to organizations, businesses, and critical infrastructure.” Fortunately, they also offer tips and suggestions to help keep the “Happy” in your organization’s holiday.
Tips For Your Organization’s Cyber-Safe Holiday Season
Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack
Implement multi-factor authentication for remote access and administrative accounts
Mandate strong passwords and ensure they are not reused across multiple accounts
If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored
Remind employees not to click on suspicious links and conduct exercises to raise awareness
The security tips for all employees and owners are the same, except they also recommend:
Implementing multi-factor authentication for remote access and administrative accounts,
Mandating strong passwords and ensure they are not reused across multiple accounts, and
Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident
The FBI and CISA also recommend the same attention to the multiple attack vectors cybercriminals use to gain network access during this holiday time.
Phishing scams, such as unsolicited emails posing as charitable organizations
Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online
Unencrypted financial transactions
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org