How to ensure your business and employees are hard to hack this Christmas

16/12/2022

An increase in email traffic marketing gift ideas and post-Christmas sales creates a heightened risk of cyber attacks this festive season, an expert from Bristol cyber security firm CSS Assure has warned.


Cyber criminals will be looking to make the most of the opportunity Christmas brings and exploit people lowering their guard in a rush to bag the best deals. And with an average of 58% of the UK workforce having access to the internet through their employer, businesses are at a greater risk of malicious threats.


Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said: "In the run-up to Christmas and New Year, many outlets will run promotional offers to encourage spending. This is a potentially lucrative time of year for cyber criminals as they know shoppers are less vigilant as they rush to snap up the best deals.


"Cyber criminals will no doubt be looking to take advantage of the vast amount of transactions taking place and the financial information being shared as a result. There is also an increase in promotional email traffic, which makes it hard to differentiate the real bargains from scams – presenting a heightened risk of phishing attacks.

"While employees are a business' greatest asset, if they do not understand the risks and are not properly trained, they can be a huge cyber security liability and hackers are all too aware of this fact. With this in mind, it is important businesses remind their people of the steps they can take to protect not just their employer, but themselves and their families this time of year."


Earlier this year, research carried out by CSS Assure found that almost three quarters of UK employees are not changing their work log-in and email passwords enough. Of those, almost one third admitted to never changing their passwords or only doing so when prompted, while 1 in 8 employees said they use the same passwords personally and professionally.


Mike said:

"At a minimum, businesses should encourage and remind their employees to change their passwords at least once every three months as this will stop or prevent access to accounts if data has been breached.

"While this may seem like a faff, doing so is the single greatest defence a business can take towards protecting itself against a cyber attack. Currently, there are millions of emails and passwords for sale on the dark web for minuscule amounts, waiting for cyber criminals to purchase.

"Using the same password across multiple accounts or both personally and professionally is a major weak link in a company's security system. If one site is breached and an employee's credentials are exposed, their risk is amplified exponentially if they use that same password elsewhere."


From phishing and malware to social engineering and spyware, there are lots of ways cyber criminals can conduct a digital attack and these methods are constantly evolving.


Mike said:

"In order to ensure they are protecting themselves and meeting their legal obligations, businesses should conduct a cyber and data security assessment. This is a thorough analysis of all information assets and cyber controls, making it an essential first step to understanding their cyber resilience, and uncovering any weaknesses and risks that could leave them vulnerable to an attack.

"Typically, an assessment will consider every security component of a business to find any possible blind spots, highlight where systems may have already been breached, and identify whether any information is already publicly available that could put a business at risk.

"Once an assessment has been completed, the outcome will be a full picture of what is working well, what requires improvement, and what is missing entirely. Most importantly, it will provide a roadmap of what needs to be done to make you resilient, and limit your risk of a cyber attack and potential financial, reputational and legal damage."


Should a cyber attack cripple a business, it could face hefty costs, including system repair, business interruption, knock-on impact to customers, adverse media coverage, financial damages claims and regulatory fines.


Mike said:

"While even the most secure business is not guaranteed immunity, having the appropriate measures in place and being prepared should the worst happen will ensure confident, compliant and resilient employees, which, in turn, create a well-protected business."