’Tis the season for cyber mischief: Holiday risks every organization should prepare for
By KYND
It’s the most wonderful time of the year – for cyber criminals.
Anyone who has watched Home Alone knows that leaving your property unattended over the festive period can make you vulnerable to criminal activity: theft, property damage, and risks to the safety of unattended children. This is also true in the digital realm, where cybercriminals adapt to the changes in behavior at this time of year to cause some chaos before the new year arrives.
Shopping, traveling, using work laptops to stream a movie on auntie’s unsecured home network – these seasonal activities are all opportunities for a threat actor to ransack networks and leave the cyber-sink overflowing for you to find when you come back in the New Year. Your network team is going to need to be as ingenious as Kevin McCallister to keep those bandits out of the network.
So, in the spirit of the season, here are 5 festive tips from KYND about the types of risks you face over the holidays, and what essential actions you need to take before signing off for the season.
As the elves at the North Pole know, “The best way to spread Christmas cheer is singing loud for all to hear.” But hopefully you have a more robust plan in place for your users and IT team if they encounter a security event over the holidays. Your Incident Response Plan (IRP) is your playbook for when things go wrong. It should contain everything that a user would require to be able to navigate an incident – checklists, documentation forms, escalation criteria, key contacts, and whatever else may help them begin to address the issue. While capabilities and responsibilities may vary from user to user, all users need to be able to identify the best course of action to take when something goes wrong over the holidays.
Network admins and IT teams should ensure that the IRP accurately communicates the best course of action when there is reduced staffing. Oh, and make sure you have offline copies of these plans available. The response to a Christmas Eve ransomware attack on the Scottish Environment Protection Agency (SEPA) was hampered because its recovery plans, although considered strong, were stored on the same server that was compromised – making them inaccessible when needed. Son of a Nutcracker!
Before users depart for their end of year break, run one last phishing exercise to keep them on their guard. This isn’t about being a Scrooge; it is about ensuring users are alert to the common tactics threat actors use at this time of year.
From Black Friday onwards, users are going to be inundated with emails from all types of sellers offering end of year discounts and offers. Threat actors like to hide in amongst this flood and create convincing phishing emails that look like they are from reputable brands offering seasonal deals on the most popular gifts. Alternatively, they could look like emails from your vendor partners asking for end of year invoices to be filled out. Their wish is to look so convincing that one of your users clicks on a link to a phony website where they can give away login credentials, financial information, or even allow the threat actor into the network via a download.
There’s no Spirit of Christmas Future who can tell you which user is going to make this error, so the best strategy is to prompt all users to be on guard by running an exercise across your organization and reminding users who fail it to be extra vigilant over the holidays – no one wants to look like a Muppet when it comes to phishing!
The network admin is making a list and checking it twice. Gonna find out which user’s been naughty or nice!
If you are part of an organization that allows users to take devices home and travel with them over the holidays, you need to ensure that those devices and systems have the necessary protections in place prior to closing for the holidays. While sacks full of letters might be enough to settle whether Kris Kringle is Santa Claus, it doesn’t take a miracle on 34th Street to evidence that devices are secured – it requires MDM.
MDM (Mobile Device Management) is a tool that allows you to keep track of devices within your network and update them from afar. Network admins get a centralized view of which users have not installed critical security patches and who is or is not using a VPN to secure their connection to public Wi-Fi, and they can remotely wipe a device that has been accidentally left in an airport to prevent someone accessing any data or sensitive systems. It is your Naughty or Nice list for the network and will help you to stay on top of asset management tasks as users go offsite and head home for the holidays.
If you want to stop Hans Gruber getting into Nakatomi Plaza during the Christmas party, you must ensure that your perimeter is appropriately secured. This means the IT team should do a thorough sweep before reduced service kicks in. This should include securing remote access and RDP entry points, checking that scanning and alerting systems are operating as expected, and shutting down or obfuscating any externally visible vulnerabilities. Ensuring no access points are left open and that your defensive technology is working as expected before most of the team go on leave will help you streamline and optimize managing these systems with a skeleton staff, allowing the on-duty team to focus on the most significant alerts and systems.
Remember that threat actors are intelligent and will not just be approaching obvious routes into your network. One of the biggest seasonal cyber-attacks was the Target breach of December 2013, where around 40 million credit and debit records were stolen alongside 70 million customer records. The attackers pulled off this huge data exfiltration by gaining access through phishing an employee of a third-party HVAC system supplier. So, to thoroughly secure your perimeter you might have to be like John McClane and get into the vents. “Come out to the coast, we’ll get together, have a few laughs…”
While you can do everything in your power to manage your cybersecurity risk, sometimes things are a little less Happy Holidays and a little more Hallowe’en Town. Not all plans work out, and having cyber insurance can really help you out if you run into a Nightmare Before Christmas. Check what is covered by your policy – forensic services, data recovery costs, and reputation management services can all be benefits of your policy. It is especially important to review your policy if you have an early renewal date in January, to ensure your coverage holds should you be attacked over the holiday break.
As you head into the holidays, it’s worth remembering that even the best-laid security plans can be tested. And while no one wants a seasonal saga worthy of a Christmas classic, having the right cover in place – and the right intelligence behind it – can make all the difference if the unexpected happens.
That’s where KYND comes in. Our technology gives you a clear, real-time view of the risks that matter most when applying for cyber insurance – from spotting externally visible weaknesses that attackers love to exploit, to understanding the gaps in your internal security posture that could leave you exposed. Whether you’re preparing for coverage renewal or reviewing your risk profile ahead of the new year, KYND helps you enter those conversations with confidence.
So before you log off for some well-earned rest, take a moment to make sure your organization is not only secure for the season, but also ready for whatever the new year brings. And if you need a clearer picture of your cyber risk management requirements, KYND is here to help – this holiday season and beyond.