‘Tis the Season – 9 Tips to Protect You & Your Business During the Holidays

The holiday season is in full swing. Most of us love this time of the year but it doesn’t come without concerns. We are so busy celebrating, working, preparing, and trying to enjoy the holidays that we become distracted, more than usual.

We also tend to be kinder and less tend to be kinder and less skeptical of people at this time of the year. We’re more likely to hold the door for the delivery driver or the caterer because they’re expected and a welcome site. We don’t think someone will grab our wallet off the desk or our purse out of our shopping cart because we’re all supposed to be a little nicer.

We might be distracted by the cookies and cakes brought in by co-workers or the lunch provided by the boss. As a result, we open an email or click a link we shouldn’t have.

At Nwaj Tech we fully understand down time and celebrations are important. We also know that the bad guys understand this too. They’re ready to celebrate a victory at your expense. While we would never discourage enjoying the holidays, we would be remiss if we didn’t take a moment to explain the risks and how to mitigate them.

Very festive, right? Consider it a gift from Nwaj Tech!

9 Tips to Protect You & Your Business During the Holidays

1. Don’t open unsolicited emails.

   Phishing emails increase by more than 150% in the last quarter of every year. The messages are often related to online shopping or the holidays but not always. Cyberattackers put in extra work during the holiday season because they know we are all more distracted, and more likely to click. #ThinkB4YouClick

2. Ignore text messages from unrecognized senders.

   The same thing applies here. Cyberattackers know we are more distracted. That said there are some scams that are on the rise, like Pig Butchering (if that sounds terrible to you it should). I created this video explanation of Pig Butchering a few months ago.

   Essentially if you receive a random text message from someone you should just block it unless you can 100% determine it is someone you know.

   This goes for text messages that ask you to confirm a Zelle (or other payment apps) transaction. Any response will generate a phone call from a scammer who will trick you into emptying your bank account. That will not make for a good holiday in 2022.

3. If it seems too good to be true, it probably is.

   There is always a catch. Unfortunately, the catch is sometimes people and businesses. If something offered to you seems too good to be true, I can guarantee it is. Free trips, free cryptocurrency, free Amazon gift cards, and so many other “offerings” are ways to get you to provide information you wouldn’t normally give up.

1. Don’t let your guard down.

   Attackers are working hard to find a way into your business and/or your life. Now is not the time to let your guard down. Now is the time to raise your awareness and practice due diligence.

2. Avoid public & free WiFi like the plague.

   It is also a very busy travel season. Airport WiFi, Hotel WiFi, and Coffee shop WiFi all seem very convenient, but they are extremely risky.

   First, it’s easy for someone to connect to your device if they are on the same WiFi as you. Someone with the right set of tools, a few minutes of time, and some basic knowledge, can steal data from your mobile device or laptop.

   It is also very easy to create a WiFi hotspot with the same name as the publicly available hotspot and allow you to connect to it. Once you connect to the WiFi hotspot under an attacker’s control they can connect to your device and steal data, or worse. Setting up a way to access your laptop later may help them gain access to your business. Again, very easy to do with the right set of freely available tools and a few minutes of time.

3. Use Privacy.com instead of your debit card.

   There are a lot of people recommending you use a credit card instead of a debit card during the holiday season (really all the time online). The reason for this is it’s easier to recover the money if it is stolen somehow.

   I would take that tip a step further and use Privacy.com. With Privacy.com you can create one-time use credit cards with a specific amount available to that card. You can also utilize the service to create a card for a subscription service you’re not sure you want to keep.

   com gives you a way to control what money is sent to what vendor. You can create a card for a single purchase thus making it impossible for a website with a card skimmer script running on it to steal the rest of your money. The most they will get is whatever you put on the Privacy.com card.

4. Be careful with what you share on social media.

   The world does not need to know that you went to the Bahamas during the holiday break. If you must share pictures and what you did during the holiday break, wait until you get back home to post.

   A friend of mine will not post what they did on Tuesday until Wednesday. They do not share where they are in real-time. Sharing that you are hundreds of miles away from home or the office during the holidays might make your return not so fun.

5. Ensure software is up to date.

   Most of us have undoubtedly heard about the Rackspace ransomware attack by now. What many are unaware of is the attackers got into the Rackspace Exchange environment through unpatched software.

   The updates were only a few months behind, but it was enough of a gap for hackers to gain access and launch a ransomware attack.

   Make sure all your software is up to date. Not just Google Chrome. Make sure printers, firewalls, routers, switches, storage devices, and smartphones are all up to date.

6. Use strong password policies.

   I have talked about strong passwords for as long as I have been in IT. Strong passwords consist of UPPERCASE, lowercase, numbers, and special characters. The longer the password the better.

   Your password policy should also include the following:

   1. Do not reuse passwords from the past, or use the same password on different applications
   2. Use 2FA or MFA on EVERYTHING
   3. Use a password manager
   4. Do not use passwords that are easily guessed if the person knows some information about you.

For more information about strong password policies read this blog post.

I sincerely hope everyone has a great holiday season. I hope it’s filled with festivities, family, fun, and food. I cannot wait to hear about what you did during the holidays.

I also hope that no one I know suffers a cyber-incident during this festive time.

Schedule a vulnerability assessment with Nwaj Tech