This holiday season will be like no other with the continued use of remote work, greater online sales, third-party sourcing from across the globe and employees taking much-needed time off. With their support networks and trusted relationships, IT service providers continue to be targeted by attackers. Cyber criminals will take advantage of these distractions to steal sensitive data, hold it for ransom or use MSPs as a stepping-stone to more lucrative victims.
Hackers often strike when businesses let their guard down, gaining access to networks but laying low to strike later. Once centered on key shopping days like Black Friday and Cyber Monday, cyber attacks are now extending across all of November and December and into the new year, making comprehensive vigilance and 24/7 visibility even more challenging. It’s time to fight back against cyber criminals with defense-in-depth resiliency to proactively protect your end customers at this crucial time of year.
Here’s a list of holiday season threats and best practices to defend against them:
- Step up vigilance during the holiday season: Knowing that businesses will be short-staffed or even preoccupied at the end of the year, cyber criminals intentionally target businesses in Q4. As a first step, keep systems patched and remind employees about cybersecurity risks like phishing and preventative measures. Look for suspicious behavior such as access from countries where you don’t have any operations or customers.
- Protect data in POS environments: Point-of-Sale (POS) devices enable consumers to complete purchases and transactions safely. These devices access critical infrastructure and assets as well as communicate with payment processors and banks. POS threats can include file-less attacks, ransomware, zero-day attacks and skimmers placed physically on devices. Use PCI DSS compliance standards as the starting point to identify POS risks and best practices. However, it is critical to realize compliance alone is not enough for adequate security.
- Don’t overlook work-from-home security: Your customers will continue to encounter more cybersecurity vulnerabilities as laptops remain outside the IT perimeter of headquarters. Employees may use work devices for online shopping or charity donations during the holidays, or, conversely, use less-protected personal laptops for work tasks. Layered defenses can help you stay current on remote work threats to rapidly mitigate persistent and well-funded adversaries.
- Boost endpoint security: With over 70% of threats starting on network endpoints like laptops and mobile devices, it’s clear that traditional endpoint security tools like anti-virus are insufficient. Endpoint protection platform (EPP) capabilities can block and even prevent threats in real time before damage occurs.
- Use multi-factor authentication (MFA): Increased authentication protection with multi-factor authentication (MFA) is an easy way to strengthen your security posture. MFA provides an additional layer of security that can compensate for
