Skip to content


3 Tips for Strong Cybersecurity Posture During the Holiday Season

By: Dataprise

3 Tips for Strong Cybersecurity

Table of content

During the 2021 winter holiday season, CISA, alongside the FBI, reported that they have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends. As the year winds down, employees use their saved-up PTO and spend time relaxing with family and friends. With fewer eyes monitoring critical systems, bad actors have identified this trend, and as seen in the report, attack businesses during this vulnerable time.

Having systems and plans in place and remaining vigilant is of the utmost importance to secure your company and make sure your employees can enjoy some well-deserved time off. What does this vigilance look like? Let us dive into 3 necessary steps to take to ensure a strong cybersecurity posture during the holiday season. 

1.  Create or Modify your Incident Response Plan

An Incident Response Plan (IRP) provides a playbook for how your organization should respond to a cyber-attack. With the potential of employees being unavailable due to being out of the office, it is critical to review your current plan and ensure it is accurate and up to date. Even outside of the holiday season, incident response plans are critical to:

  • minimizing downtime associated with ransomware
  • securing your organization’s sensitive data
  • creating step-by-step processes for how to respond and even who to notify

If you would like to learn more about incident response plans and why they are essential to effectively mitigate damage from a cyber-attack, you can read here.

2.  Educate your users about the increased risk of vulnerability during this time

If your organization is not already, it is critically important to be running security pieces of training year-round. Malicious actors are constantly creating new ways to attack organizations and steal sensitive data. Before we get too far into December, have your IT department issue a training course with informative material on the increase in cyber attacks during the holiday season.

One of the most common ways bad actors attempt to breach organizations is through Phishing. Employees may feel more rushed during this time of the year, and may not be checking things such as email, as closely as they should. Running phishing training can ensure that employees remain vigilant and do not open malicious links. A few examples of how organizations may be targeted are through fake charities or fake websites, as these are set up to obtain sensitive credentials which can then exploit vulnerabilities within organizations.

3.  Patch and update all systems and software

The end of the year should serve as a benchmark for a time for your organization to review all the systems in place. Regularly patching and updating software and systems is a big step towards having a stronger cybersecurity posture. New vulnerabilities are constantly being uncovered, and with those vulnerabilities come patches to address. Bad actors target out-of-date systems and software as entry points into company-sensitive data.

In addition to patching and updating, it is important to also be testing, to ensure everything is operating as it should be. Our experts have put together a free tabletop exercise that your team can use to walk through potential cyber risk scenarios, evaluate cybersecurity posture, and identify potential gaps. Download and use it now here.

As the December holidays are near, and the year winds down, this serves as a perfect window for your organization to review its cybersecurity posture and organizational preparedness. It is known that offices close for the December holidays, and bad actors work twice as hard during these times as research shows from CISA and the FBI. With the 3 tips above, you can best prepare your organization and mitigate a potential disaster.


Recent Tweets


Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.