5 Security Headaches IT Needs to Tackle This Holiday Season
This holiday season brings plenty of stress for IT teams battling a slew of cyber risks. From holiday phishing scams to Wi-Fi attacks and insider threats, this year is set to bring fresh cybersecurity challenges for IT. Check out the five most common risks enterprises face in the holiday season and how to address them.
The holiday season is a tricky period for enterprise IT, as it brings a slew of cybersecurity challenges. Research suggests that attacks like phishing rise by as much as 400% near the holiday season. On top of that, several IT teams work with a skeleton crew over the holidays. This makes it harder to spot vulnerabilities and plug them on time.
2020 has already been a year of growing cybersecurity threats, and the upcoming holiday season could be extremely complex for enterprise IT teams. From Wi-Fi hacking to malware attacks and holiday-themed online scams, IT teams face a pressure of a different kind — keeping systems and infrastructure safe remotely.
With homebound workforces across multiple locations, multi-perimeter defense is no doubt important in the age of COVID, but IT teams also need to shore up internal defenses to stave off insider threats from temporary workers.
This includes restricting remote access that isn’t needed for specific users and isolating sensitive data from users/accounts that don’t need it. Plus, it is a must to factor in endpoint security and BYOD activity for compliance and security during the holiday season.
Here, we outline the five most common cybersecurity threats IT and security teams should watch out for over the next few weeks and how to address them.
1. Unsafe E-commerce Sites Accessed During Work
There’s always some risk involved in e-commerce, as there are thousands of fake shopping sites out there and online payments are a popular target among hackers.
This risk multiplies during the holiday season, as a few employees will inevitably do their last-minute shopping while at work from company-issued devices. In a WFH world, this is an even bigger problem, as the lines between work and personal activity are increasingly blurred. An employee might use a work device to quickly place an order in the weeks leading up to Christmas, late one night while getting a head start on the post-holiday workload.
Remember, 45% of employees admit to online shopping during work hours as per a U.K. survey.
Action point: Secure your enterprise network perimeter so that suspicious e-commerce websites are blocked. Configure business email so that hyperlinks from promos and marketing emails don’t open automatically. You should also monitor employees’ online activity to preempt any red flags.
2. Phishing Emails and Holiday-related Fraud
This is probably the most common threat you will encounter during the holiday season. Hackers tend to get more creative at this time, luring unsuspecting employees with lucrative discounts, exclusive products, and rewards. As a large portion of your workforce is in the mood to spend, the chances are higher of someone clicking on the bait and opening your enterprise network to attacks.
For non-retail companies, there’s a risk that a phishing email will install malicious software on a company device or extract login credentials for your enterprise network. Retail companies are battling a much larger challenge, as hackers typically target their customer data repositories.
This risk is exacerbated by human error.
Home Depot Canada recently sent out a mass email sharing the details of every single active order with its entire customer base. Slips like these are a golden opportunity for hackers, as they can mimic these emails, complete with the correct order ID and shopping details, to defraud a customer.
Action point: Don’t be frugal about IT staffing during the holiday season. Overworked employees can make errors or overlook vulnerabilities that could cost you down the line. Hold refresher training sessions to train employees about phishing risk and secure email protocol, fighting against social engineering attacks as much as possible.
3. Vulnerabilities in New Devices and BYOD
This is an emerging risk, with less of a probability than the other holiday-related attacks we are discussing, but it deserves attention nonetheless.
The holidays are a time when a lot of us buy new gadgets or receive them as gifts, and most employees will inevitably plug these devices into the enterprise network. For example, a smartwatch connects to an employee’s mobile device, which, in turn, connects with the company’s private network. Confidential data like emails are relayed to the device if an employee uses it for notifications, etc.
Potentially, a cybercriminal could use the device as a backdoor to hack the network, as confirmed by academic research. At the very least, employees’ personal data is at risk if these new devices are incorrectly configured.
Remember, wearables are among Deloitte’s predictions for the top ten most desired gifts in 2020, making this a bigger problem than you might imagine.
Action point: Enterprise IT teams must define a clear set of protocols for onboarding new employee devices, whether personal or for work. This type of “BYOD clause” would ensure that every device inside or within the radius of your enterprise network is protected.
4. Insider Threats From Seasonal Workers
Seasonal employees can be a high-risk security vector for the enterprise during the holiday season.
The average company will onboard a mid-sized-to-large seasonal workforce from various third-party providers, all of whom may not be properly vetted/verified.
There are two types of risks here. First, an employee could join your company in a temporary role with explicit malicious intent — i.e., they are aware of valuable confidential assets and need insider access to reach them. Second, hackers could target a seasonal employee with the lure of financial gains. These employees are:
- Less entrenched in your company’s culture and therefore less invested in its wellbeing
- Not provided with cybersecurity training at the same intensity as permanent employees
- Governed by a different set of contractual terms which may not cover data obligations
These three factors make seasonal employees candidates for insider threat, yet you cannot do without them during the holiday season.
Action point: Adopt least privilege access across the enterprise, regardless of permanent or temporary employees. Don’t discriminate against seasonal staff by labeling them as “risks” as Google did. Instead, develop deeper engagement, invest in their cybersecurity training, and treat them as full-time employees with time-bound contracts, holding them accountable for their enterprise network usage.
5. Employees Using Public Wi-Fi When Vacationing
This could be less of a risk in 2020 than usual, but it doesn’t make it non-existent.
Employees can choose to take time off during the holidays to take a short trip, travel, and spend time with friends and family. However, in an increasingly connected world, it is likely that they never entirely switch off. An employee could open their work email or access enterprise storage on the cloud when traveling, by connecting to a public Wi-Fi network.
However, public Wi-Fi networks may not use the same encryption protocol as an enterprise. There’s also a possibility that employees could unwittingly join a rogue Wi-Fi hotspot and hand over control to an attacker.
Action point: Educate your employees about the risks of using public Wi-Fi. Drive home the point that its cons far outweigh any convenience or cost advantage. You can also configure the corporate email to require authentication whenever the user switches to an unfamiliar network.
Preparing for a Season of Heavy Digital Activity in 2020
This has been a year when most companies accelerated their digital shift, compounding their cyber risk exposure in the process.
Between November and February, employee digital activity is likely to spike even more, as they catch up with year-end workloads, plan for the next quarter, and try to balance their already tricky life vs. work dynamics. In this environment, hackers will likely find a gap or two, ready for exploitation.
That’s why you need a robust IT bulwark in the 2020 holiday season. Round-the-clock IT staff, expert support, threat intelligence tools, and network monitoring with a fine-tooth comb will be critical to keeping threats at bay. The goal is to keep employees engaged and productive without risking security.