It’s the Holiday Season, and Data Breaches are Coming to Town
What puts you in the Christmas spirit? Santa, elves, presents, and snow, probably. Certainly not cybersecurity. But, if you are a business owner, you might want to add it to the list.
Unfortunately for businesses, malicious actors’ idea of a great Christmas is spending the day locking your data behind ransomware. Christmas is a prime time for data breaches and ransomware attacks. A study done by Darktrace showed that cyber-attacks increase by 30% during Christmas and New Year’s. Several companies, including Macy’s, T-Mobile, and Medibank have experienced data breaches and ransomware attacks on Christmas day.
Cyber-attacks are common during the holidays because businesses are more susceptible to security breaches. During the holidays, there are less employees in the office, and traveling employees work at home on non-private networks. Employees may be less engaged with their usual routines, and cyber diligence can falter. Cyber criminals see this reduction in security and make their move. A whole company’s holiday can be ruined by a simple “Merry Christmas!” phishing email that leads to a ransomware attack, or an malware intrusion stemming from an employee’s use of an unsecured public network.
Preparedness & Best Practices
The possibility of a data breach over the holidays can be daunting for business owners, but there are several ways to protect yourself and your business.
Long term, your business needs to implement an Incident Response Plan (IRP). An IRP is a “predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information systems(s).” In an IRP, everyone knows their role and how they need to respond in the event of a data breach. Having an IRP prevents disorganization, confusion, and saves precious time during a security event. Not only will less data be lost, everyone will be able to return to enjoying the holidays much sooner.
Short term, education is the best defense. Take time this December to remind employees of your company’s cybersecurity policies. Provide optional training sessions, and ensure remote employees are working in secure environments. A simple reminder to your employees to remain diligent could be the determining factor of how you (and your cybersecurity attorney) spend the holidays. Don’t let data breaches come to town, and enjoy the holiday season.
If you are looking to create an Incident Response Plan for your business or update any data security policies and/or procedures, contact a member of the Barrett McNagny Cybersecurity Team.
 Damir Mujezinovic, Cyberattacks Surge During the Holiday Season: Here’s Why, MakeUseOf (Nov. 21, 2022)
 George Anderson, Will A Hack Ruin Macy’s Christmas?, Retail Wire (Nov. 20, 2019)
 Incident Response Plan, NIST, (last visited Dec. 19,2022).