“Cybercrime is increasing. Both organizations and individuals need to think about the cybersecurity steps needed to stay safe from fraud this holiday season,” stated Heather Stratford, Founder/CEO of Drip7.
TransUnion cited a 12% suspected increase in digital fraud over last year during the period from Nov. 23-27, 2023. Proactive steps can reduce your risk and help you and your employees avoid cybercrime.
Cybercriminals Find it Easy to Attack During the Holidays
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States. The FBI/CISA report holiday weekends as especially attractive times to target potential victims, including small and large businesses.
Here are some tips to avoid fraud, scams, and being hacked over the holidays and while traveling.
Prepare for Cybercrime as an Organization
Organizations can prepare for the holidays and cybercrime by taking some basic cybersecurity steps.
- Have a holiday emergency plan or incident response plan
- Identify the key personnel for the holidays
- Have all systems and software updated
- Train employees on holiday/travel cybersecurity, including phishing awareness training
- Be sure individuals know the importance of reporting any incident immediately and that there is no fear of consequences for reporting an incident
- Consider sending phishing emails as examples of what to avoid
- Update and activate all monitoring and alerting systems
- Reinforce password protocols and multi-factor authentication (MFA)
- Confirm data backup and recovery strategy
- Educate employees to use caution when using public Wi-Fi and hotspots
- Consider restricting privileged accounts over the holidays
This list is not exhaustive but a launching point.
Phishing is Still a Cybercrime Mainstay
Phishing email statistics suggest that nearly 1.2% of all emails sent are malicious, which translates to 3.4 billion phishing emails daily. Extortion of over 33 million records is expected to occur by the end of 2023, with a ransomware or phishing attack occurring every 11 seconds.
Some common phishing scams include delivery notifications, marketing by retailers, requests for donations to charities, gift exchanges for co-workers, and promotions that are too good to be true.
84% of US-based organizations have stated that conducting regular security awareness training has helped reduce the rate at which employees fall prey to phishing attacks.
Explaining to individuals the value of this education can help not only the workplace but also protect families outside of work, thereby increasing the worth of the training.
Leverage the joy of the holiday season by making the training and reminders on cybersecurity fun and playful, therefore more memorable.
Prepare as an Individual
Holiday travel can be challenging, no matter the mode of travel. Here are some tips on how to stay safe and avoid cybercrime.
- Be sure all devices have been updated, including phones and computers.
- Use passwords that are long and complex, which are safer than short, simple passwords.
- We use our phones more when traveling. A large percentage of online fraud (70%) is now accomplished through mobile applications. Be careful when adding new applications, and those you use should be updated.
- Juice jacking targets the free charging stations for mobile devices found in shopping malls, airports, and other public places. Bad actors can tamper with charging stations and load a virus onto the device being charged.
- ATM card skimming is when a device is placed over an ATM and captures data. Look carefully when using an ATM.
- Wi-Fi networks found in public places, from airports to coffee shops, not to mention the homes of relatives you may be visiting, are often unprotected and targets for hackers. A virtual private network (VPN) can be used instead.
- With time off from work, more use of social media can increase potential risks. These risks might include ads with links to websites with malware, questionnaires asking for personal information that could be used to access passwords and accounts, impersonation of contacts to gather personal information, and ads that replicate real businesses to lure the unsuspecting to a fake e-commerce website. It is best to go to a desired website yourself rather than clicking on an ad for that website.
- Social engineering can be done in person, not just online. An example is shoulder surfing, when someone is looking over a shoulder to see access information entered, such as when using a credit card and entering a PIN. Bad actors would love to steal credentials. Losses from identity theft cost Americans $5.8 billion.
- Talk to loved ones who may be using your devices over the holidays, and be sure they know how to stay safe. Even children need to know the basics of cybersecurity.
- For important accounts such as banking and investments, consider establishing multi-factor authentication (MFA).
- Don’t advertise being away. Wait to post those travel photos until you are safely at home.
- Back up devices: this can be done with an external drive, in the cloud, or both.
- Fake charity campaigns abound during the holiday season. Initiate contributions to known charities on verified websites if donating online.
- If buying or receiving a gift of a new device that is connected to Wi-Fi, think about access. The Internet of Things (IoT) has exploded, and over 10.54 million IoT attacks were reported in December 2022.
With consideration of these simple steps, the holiday season can remain safe and joyous.