Better Business Security During the Holidays

Better Business Security During the Holidays. As the holiday season approaches, businesses face heightened risks from cybercriminals, who exploit the reduced vigilance and staff availability typical during this period. Cybersecurity company Performanta offers practical advice to ensure your business remains cyber-safe while you enjoy a well-deserved break.

During December and January, ransomware attacks increase by 30%, and phishing scams—disguised as holiday-themed emails about gifts, package deliveries, or charity drives—skyrocket. “Even routine holiday notices can be security risks,” warns Gerhard Swart, Chief Technology Officer at Performanta. Criminals often use out-of-office replies to target individuals or impersonate them, creating opportunities to manipulate employees and extract payments.

“There’s no good time for a cyberattack, but there is a worse time—when half your key security people are on holiday,” adds Swart.

Understanding these risks allows businesses to take proactive measures. Performanta recommends the following best practices:

• Work with a Detect-and-Remediate Provider – Partner with a Managed Security Service Provider (MSSP) for 24/7 monitoring and immediate threat response. MSSPs identify anomalies and act quickly to deter or remove attackers.
• Update and Test Systems – Use the reduced activity during holidays to test and update systems, ensuring they are secure and patched against vulnerabilities.
• Ready an Emergency Response Plan – Establish holiday-specific response plans, ensuring a designated person is available to handle emergencies if key personnel are unavailable.
• Limit Access – Restrict system access based on staff leave schedules. Have procedures in place for granting emergency remote access.
• Train Staff on Phishing Scams – Equip staff to recognise and avoid phishing attempts, helping protect both the business and their personal data during the holidays.
• Prepare for Supply Chain Attacks – Provide guidance to scrutinise partner communications and monitor system integrations, where business email compromise attacks often occur.
• Activate Multi-Factor Authentication (MFA) – MFA is essential for stopping account breaches. Train staff to avoid MFA fatigue attacks, SIM swapping, and other tactics targeting MFA credentials.

Criminals exploit the relaxed “holiday brain” mindset to catch businesses off guard. Swart emphasises, “The first step is to realise that holidays create a bigger threat of cyberattacks. Start by talking to your security provider. Awareness and action are the keys to staying safe.”