It’s the most wonderful time of the year — for cybercriminals.
We’ve entered the peak season for cybercrime, with various studies indicating that cyberattacks increase by up to 60 percent during the holidays. The Department of Homeland Security recently warned of an expected spike in a range of malicious activity, including unsolicited emails that contain malicious links or attachments, malware-infected advertisements, and fraudulent charitable appeals — all of which could result in security breaches, identify theft or financial loss.
Of course, this activity is designed to exploit increased online transactions during what some analysts are predicting will be the first trillion-dollar holiday shopping season. Analysis of more than 1.3 billion Q3 online transactions indicates that cybercriminals have been gearing up for a very active season, according to Arkose Labs. The firm found that one in five new accounts were bot-driven frauds, a 70 percent increase over the previous quarter. This suggests that cybercriminals have been testing stolen credentials in advance of the holidays.
There’s a tendency to think of these seasonal crimes as primarily affecting individuals and retail businesses. While they are the most obvious targets, businesses must understand their vulnerabilities as well.
More than half of all employees admit that they will be “workshopping” — shopping online from the office or while using a corporate device — according to a new study from Robert Half Technology. That means inadvertent breaches could expose corporate networks and business-critical information to cybercriminals.
For example, if someone clicks on a malware-tainted link — so-called “malvertising” — from a work computer, it could launch malware that infiltrates the corporate network, hunting down and stealing passwords and other sensitive data. One such scam making the rounds this season involves a fake Facebook link to a purported $75 coupon from Costco.
The increased use of seasonal temp workers also creates substantial business risks. Their lack of training makes them more vulnerable to social engineering attacks. Additionally, temp workers and contractors are sometimes the source of malicious insider attacks involving data theft or malware infections.
While cybersecurity is a year-round process, businesses should take extra steps to protect themselves, their employees, their devices and the organization’s assets from cybercriminals during the holidays. Here are five suggestions:
Enable real-time scanning. To detect malware before it can infect a system, enable your antivirus software’s real-time scanning feature. This will analyze files and programs as they are copied to a system in order to prevent the user from unknowingly becoming infected.
Boost endpoint protection. The latest endpoint security tools deliver multiple security measures across all endpoints. Tools such as ransomware protection, memory inspection, encryption, vulnerability shielding, browser exploit prevention, web threat protection and more are delivered via a lightweight client that can be centrally managed and easily updated.
Update software and operating systems with the latest patches. It is estimated that more than half of all breaches exploit known vulnerabilities that have not been patched.
Educate employees. Make sure your staff understands the dangers of online shopping from the office and remind them not to click on attachments or embedded links in unsolicited emails. Show them how to hover over links to see their true source.
If you’re an SSD Assurance customer, you don’t need to do a thing — we already have the tools and processes in place to protect you from holiday cyber threats. If you’re not an SSD customer, we invite you to give us a call. Let us help improve your chances of a joyful holiday season by preventing cyber Grinches from compromising your systems and network.