‘Tis the Season of Cybersecurity

The holidays are upon us — a time to take a break and connect with family and friends. While it’s important to relax, reset, and recharge during your holiday break, it’s NOT the time to let down your guard when it comes to cybersecurity. Like Amazon delivery drivers, cybercriminals are working overtime during the holidays — and that includes planning ransomware attacks on the public sector and leveraging the newly discovered Apache Log4j software vulnerability.

Ending the Year on an Alarming Note

According to a 2021 report, ransomware continues to be a top threat for businesses and organizations, with supply chain attacks gaining steam this year. Here are some eye-opening statistics (on average):

• Ransomware perpetrators carry out more than 4,000 attacks daily.
• One in 3,000 emails that pass through spam filters contain malware.
• Organizations pay an average ransom payment of $233,217.
• There is a 19-day downtime following a ransomware attack.
• In 2021, ransomware attacks against businesses occurred every 11 seconds.
• The global cost associated with ransomware recovery exceeded $20 billion in 2021.

Out of Office Alert: Prepare Before You Go

Chances are, many people will be out of the office during a portion of the holiday break. Cybercriminals know this and view the season as a prime opportunity for ransomware and supply chain attacks. Just as you prepare your home before you leave for vacation, you can do the same for your IT infrastructure.

The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI share the following tips for organizations to strengthen their cybersecurity strategy before the holidays:

• Identify on-call IT security employees who can surge in the event of an incident or ransomware attack during weekends and holidays.
• Implement multifactor authentication for remote access and administrative accounts.
• Mandate strong passwords and ensure they are not reused across multiple accounts.
• If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
• Remind employees not to click on suspicious links or attachments and to be aware of phishing scams and fraudulent websites.

Pass Along Holiday Wishes — and Security Tips — to Your Team

Cybersecurity doesn’t end at the server room door. Security breaches affect you and your teammates away from the office, too. Use this time to remind colleagues about the importance of cybersecurity by sharing these helpful reminders:

• If you’re headed out of town for the holidays, bring along as few mobile devices as possible to decrease the risk of loss or theft.
• Be sure your mobile devices are running the latest operating system and have screen lock and remote tracking enabled.
• Use public Wi-Fi sparingly. Whenever possible, connect to Wi-Fi using the personal hotspot feature on your smartphone.
• Avoid using public computers to log in to your accounts or access sensitive information. Public computers can easily house malware.
• Avoid oversharing on social media. This could easily tip off criminals that you’re away from home.
• Never post photos of your personal ID, boarding pass, or vaccination card on social media. That’s an open invitation for identity theft.

Have a Cyber-Safe Holiday

I hope these tips help strengthen your end-of-year cybersecurity strategy and provide peace of mind during the holiday season. Wishing you a safe and happy holiday filled with fun, family, and friends — and free of cyberattacks. Jeremy Ward Vice President, Information Security Officer Tyler Technologies