With under a month now to Christmas, many people are starting to attend company Christmas parties and social events. As the date gets closer we all start to wind down for a well-deserved break with our families, so we can come back next year to do it all again. However, there is a lurking threat this time of year that starts to ramp up their efforts as everyone else starts to wind down. Cybercriminals will have started to prepare for an onslaught of phishing (scam emails) campaigns to catch you off your guard, to manipulate your good nature and festive mood.
You will see emails coming in the last days with targeted attacks around last minute payments that need to be processed before everyone leaves on holiday, or the person may be on holiday in which it indicates it’s from and they just need you to transfer them $10K, so they can get home for Christmas. Please don’t fall for these emails. Check email addresses, names and verify directly with anyone with the contact information you already have (don’t use any details in the scam communications as they are more than likely fake). This way if you know the person you will be able to confirm that the information is correct and not a scam that will leave you red-faced when you return to work next year.
You can be certain that you will receive emails around specials that are way too good to be true, yes there are some good sales at this time of year but make sure you do your homework and don't fall for a dodgy email that doesn't match up with a store or online shop you would normally deal with (it may be better to miss a bargain then fall for a scam).
“Two iPhone 8’s for $399 – Only for first 20 orders” now that would be a good deal, how about a “HP Gaming laptop at 80% off for today only”, I’m sure both options sound very enticing but are unlikely to be real – Remember if it’s too good to be true then it probably is.
This is just the start. Let me ask you a strange question (Yes, I know you can’t actually answer me), Where are all your staff over the festive season? On Christmas morning, what are they doing? Spending time with their families, enjoying themselves not even thinking about what is happening back at the office and that is good - we are meant to be having a break.
Isn’t this a perfect time to attack your systems though? A cybercriminal can gain access to company systems, work their way through the systems without any concern of anyone noticing because everyone is off enjoying themselves. Some companies close down for weeks over this time, just imagine what a skilled malicious actor could do with a couple weeks. All your customer details are stolen, they now have access to all of your account information and you probably have saved credentials on the accounts pc (I’m rolling my eyes as I can’t believe people still do this) so they login into your bank accounts and start to transfer out money (yes the bank will probably give this back to you but on many occasion the criminal still gets away with the cash), the amounts might be small so they aren’t noticed but they add up for the malicious actor.
Once they have all of the data they want and take your money, they will then infect your entire systems with ransomware, this will encrypt all of your company data which they will then try to sell back to you. It's a great business model really when you think about it, they steal your data and make it so you can’t use it, then make you pay upwards of $2K-$20K (Sometimes much more) so you can have it back. They cause all the pain but make all of the money while you and your organisation are losing money like a ship takes on water when it is sinking. It’s hard to recover from something like that, especially if you aren’t prepared.
Do yourself a favour and ensure that before your staff all leave for the festive season (or earlier if possible) make sure that your backups are all working and are isolated from your primary networks (offsite options are great). Make sure you have some good security in place even if that is just a good antivirus (so many people don’t even have that – please don’t be one of them), if you have time, help your staff by training them on the basics of what to look out for - It could be the thing that saves you from a breach.
Invest the time and money now before the breach takes place, after is too late, trust me. Yes, you may have cyber insurance and that is great and I definitely recommend you getting it if you don't but even with cyber insurance, what about the downtime when you can’t service your customers,? What about the brand reputation damage? Will customers still deal with you after this kind of incident? We can’t try and keep it from them (as I’m sure businesses have done in the past), you must tell them, it’s law in Australia.
No systems are 100% secure, we can't stop all attacks but all of Australia's largest breaches this past year were done with known vulnerabilities that could have been patched or secured to prevent them. Yes, sometimes there are reasons that things aren't patched but do the prep work, make sure your systems are secure and you will thank us, that’s certain.
Do not leave it until it is too late. Ensure that you have a great festive season, with no hidden surprises upon your return.