Keep Your Business Cybersafe This Holiday Season
It’s no coincidence that many of the most high-profile cyberattacks happen during times when many of us are taking time off. Holidays typically mean lighter staff, less attention paid to emails, and generally letting our guard down to spend time with family. This presents an ideal opportunity for scammers and hackers of all kinds: For them, this is truly the most wonderful time of the year.
Rather than spending your time off frantically checking your phone or computer for signs of skulduggery, you can prepare yourself and bolster defenses for your business and enjoy a truly silent night. Here are some things you should do:
Treat every email as suspicious: Generative AI means that not only are phishing emails better-written (gone are the days of obvious fake emails in broken English), they’re also more personalized. Be suspicious of any incoming emails, even if they include personal details. Assume that there’s enough information about you and your business out there for an AI bot to craft a message specific to you.
Beware “urgent” emails: The unfortunate overlap between the end of the financial year for many businesses and the holiday season means that many people are scrambling to send out invoices and resolve potential issues in order to be able to start 2025 with a clean slate. Scammers are keenly aware of this. While you should treat every email as suspicious (see above), you should be extra careful when opening attachments or replying to any messages with panic-inducing subject lines including terms like “URGENT,” “NOTICE OF FAILURE TO RESPOND,” etc. Think before you click, and if something is marked with a hair-on-fire level of urgency, confirm the sender or call them to see if the message is legitimate.
Don’t put too much information into your OOO message: If you set up an auto-reply message saying that you’re out through a specific date and who to contact in your absence, you’ve just provided some information that’s key to a successful phishing campaign: a) your email address is legitimate, b) you’re unlikely to be checking your messages regularly, c) the contact information for one of your colleagues, and d) said colleague is likely distracted by doing the work of at least two people.
With that much information, a scammer can create a fake personal email account with your name, contact your colleague, and say that you’re locked out of your network and need access. This is just one example of the many ways a simple notification that you’re out for the holidays can provide someone else an in.
Beware texts from delivery services: At this time of year, many of our phones are constantly bombarded with texts providing updates to delivery times, expected delays, or other issues. It’s a lot harder to see red flags in abbreviated, automated text messages than in standard emails. If you’re waiting on a package or want to confirm that one was delivered, don’t click links in texts and don’t provide any information. Instead, go to the website of the business or the delivery service in question to check for updates.
Don’t share too much on social media: If someone with ill intent gets an OOO notification for your email address and you regularly post on social media about travel plans, they can see where you’re going, when you’re likely to be unavailable, with whom you’re traveling, and which of your colleagues interacted with your post. All of these details can be leveraged into crafting a more convincing phishing message. Wait until after you’ve returned from your trip to share the details with others, and be sure that your social media information isn’t available to the general public.
Double-check once you’re back–and be careful: Once you’re back at work, check to see if anything looks suspicious. Are there a lot more or a lot fewer emails in your inbox than you were expecting? Did anyone contact your colleagues on your behalf? Can you still access all of your accounts? Even if it’s too late to prevent a cyberattack, you can still contain the damage if you respond quickly.
None of this is to suggest that you won’t get some peace and quiet over the holidays, but it does help to know that scammers operate on a 24-7-365 schedule. A small amount of preparation can go far in making sure you don’t return to work with a digital lump of coal in your stocking.
Not sure how to prepare your security for the holidays and beyond? Nodal can help! Contact us today!