As we approach the Christmas period, many of us will be getting ready to pack up for the festive holidays. Wrapping up end-of-year tasks before we leave the office, end-of-term time for schools across the UK, and everyone shopping for gifts both on the high street and online. December is a hectic month for individuals and businesses alike, and cybercriminals are aware of this.
The Christmas period always sees a spike in cyber attacks with cyber criminals attempting to exploit vulnerabilities to compromise your data, devices, and finances. This year, in collaboration with (our Cyber Essentials Partners Mitigate Cyber and our colleagues at the South East Cyber Resilience Centre), we have created a cyber advent calendar, filled with our top tips and resources to help you remain secure and ready for the New Year.
Download these Cyber Security Resources:
Cyber Incident Response Guide
Use this guide to help prepare for, respond and recover from cyber incidents.
Guide for Small Businesses
What is Cyber Security? Read our guide for small business owners.
Cyber Security Checklist
This helps you to remember all the ways to keep your business secure from cyber criminals.
Back to the Office Guide
Think about upgrading your Cloud Security, implementing Working from Home Policies and arranging Cyber Awareness Training for your team.
Where is the most secure place to work when working remotely?
Are you at increased risk of falling for a scam or cyber attack when out of the office?
December 1st - Cyber Security Tip #1
Online Christmas Shopping Scams (Fake websites/phishing emails)
During the Christmas period, online shopping can increase by 129%! Cybercriminals are aware of the spike in online purchasing and will use various tactics to deceive you into providing sensitive data and financial details.
In order to minimise the risk of being scammed when purchasing online, look to ensure:
-
Websites and retailers are legitimate.
-
Use payment services, such as PayPal, to keep your bank details protected.
-
Emails with retailer offers are genuine, and avoid clicking links or downloading attachments embedded within the email.
01
December 2nd & 16th - Before You leave the Office Checklist
Online security doesn’t need to be complicated or stressful, following some simple steps can be the difference in you falling victim to a cyber-attack.
To help you prepare your business ahead of the upcoming Christmas break, we have produced a simple checklist of 8 things you should do to secure your business before you leave the office for the holidays.
02
16
December 3rd - Cyber Security Tip #2
New Technology Scams
New technology is one of the most popular Christmas gifts! However, using smart technology can come with many risks, especially before any security defences have been put in place. Cybercriminals commonly target these to gather your personal data and financial details.
To minimise the risk of your new device being compromised, ensure:
-
Multi-factor authentication is enabled, if possible.
-
When downloading new apps, research the developer and verify their legitimacy to avoid installing insecure, or malicious, software.
-
Never click links or respond to alerts urging you to install anti-virus software because your device has suddenly become ‘infected with Malware’.
03
December 4th - Cyber Security Tip #3
Tech Support Scams
Due to the rise in new technology, tech support scams are used as a way to compromise your devices and networks. Tech support scams are one of the most reported fraud types and can be done via phone calls, SMS, and email.
To reduce the risk of being deceived by this common cybercriminal tactic, remember:
-
Anti-virus service providers, or tech support companies, will never contact you to inform you that “there is a problem with your device”.
-
Never respond to messages, or phone calls, or click any links embedded within an email.
-
Never pay for tech support services via bank transfer, gift cards, or by wiring money.
04
December 5th - 20% Discount on Membership
We're rewarding you with an early Christmas gift!
During the Christmas period, you'll have enough things to pay for - not to mention energy bills and the cost of running a business. That's why we're giving you 20% off our membership!
Use code: ADVENT20
05
December 6th - Cyber Security Tip #4
Counterfeit Goods
During the Christmas season, sales of counterfeit goods are at an all-time high. Those who have their hearts set on gifting a designer or luxury item can easily fall into the trap of heavily discounted items that are likely to be knockoffs.
To avoid paying for fake products, ensure:
-
Websites you are purchasing from are legitimate retailers and, if possible, purchase directly from the manufacturer/brand.
-
If purchasing a product from an auction website or private seller, ask for proof that the item is genuine - if they can’t supply this, don’t purchase.
06
December 7th - Cyber Incident Response Plan
Would your staff be able to deal with a cyber-related incident?
Our free Cyber Incident Plan is best suited for small businesses or charities that don’t have an existing plan in place and want to create one, but they can also complement any existing plans.
This plan includes an emergency contact list template and covers the legal implications of a cyber incident for businesses. The checklists included in the guide will that businesses to consider the full spectrum of possibilities – from undertaking weekly IT security checks to ensuring you are testing your staff's response to incidents.
07
December 8th - Cyber Security Tip #5
Fake Charities
During the Christmas period, people are more inclined to donate to various charities and causes. However, cybercriminals are aware of this and will try to exploit this generosity with fake charity scams.
To ensure your donations are going to a legitimate organisation:
-
Don’t click links in any emails or messages. Instead, visit a legitimate charity website directly.
-
To check whether a charity is legitimate, see if they are registered with the Charities Commission.
-
Look out for any charities that are asking you to donate through a bank transfer or other money transfer services.
08
December 9th - Cyber Security Tip #6
'Problem with your package' phishing scams
With the rise in online purchases throughout December, cybercriminals are known to target and deceive individuals by sending fake communications posing as retailers or delivery services claiming there is a ‘problem’ with your package.
If you receive one of these communications, look to ensure:
-
The sender’s email address or phone number is genuine and from the company in question.
-
Don’t click links or open any attachments if you’re not 100% certain the message is genuine.
-
Does the communication contain the correct order/reference number? Usually, cybercriminals do not have access to this information, and genuine emails will always include this for you to cross-reference.
09
December 10th - Get certified with Cyber Essentials!
Talk to our Cyber Essentials Partners!
Cyber Essentials Partners like Mitigate Cyber, are official providers of Cyber Essentials and Cyber Essentials Plus Certification to local businesses and charities like you.
Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cybersecurity which can often become a requirement when tendering for work in both the public and private sectors.
10
December 11th - Cyber Security Tip #7
Fake eCards, Vouchers & Gift Cards
Over the past few years, gifting vouchers for Christmas has become extremely popular. Many companies and retailers offer this service, and the Christmas period is prime time for cyber criminals to send fake vouchers to unsuspecting recipients.
To avoid being scammed by a fake voucher, ensure:
-
Any emails are legitimate and from someone, you know.
-
If you receive an email from someone you don’t know, do not open the email or click on any links, as these can be full of malware.
-
Your devices have some form of virus protection installed.
11
December 12th - Cyber Security Tip #8
Enable Multi-Factor Authentication
81% of cyber breaches are due to weak or stolen passwords. Yet, 91% of people are aware that having weak passwords puts their accounts at risk. MFA is one of the most effective ways to secure your data and protect your accounts.
When setting up any new devices or accounts, set up one of the following MFA options:
-
Biometric: Retina scanning, fingerprint, or voice recognition.
-
SMS Verification: A text message with a one-time-use code that allows access to an account.
-
Security Questions: Answer a series of personal questions to verify your identity.
12
December 13th - Secure your social media accounts
Are your Instagram, Twitter & Facebook accounts secure?
Cyber attacks can be incredibly disruptive to your business, especially if you are reliant upon using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media.
To minimise the risk of being locked out of your account ensure:
-
Your passwords are strong and multi-factor authentication is enabled.
-
Consider using user roles on your social media accounts, it’s best practice to grant direct access to just a few select employees so your social media accounts can stay secure.
-
Check which devices are signed into your accounts and remove any unfamiliar devices.
13
December 14th - Take our free Cyber Health Check
Is your Business protected from cyber attacks this Christmas?
-
Only 17% of businesses have trained their staff in cyber security, but the average cost to businesses in lost data and assets is £4,200 (rising to £19,400 for medium and large businesses).
-
Only 17% of businesses have audited their cyber vulnerabilities, with just 33% completing a cyber risk assessment.
-
With 83% of businesses facing phishing attacks, are you confident your staff know how to protect your business?
14
December 15th - Cyber Security Tip #9
Card Payment Scams
During the Christmas period, we should all be vigilant when purchasing items from a retail store using bank cards and Apple Pay. This busy time of year can see criminals using skimming devices which can easily steal your credit and debit card information when you swipe.
To stay secure when purchasing items in stores, we recommend:
-
Check for any obvious signs of tampering on any point-of-sale devices
-
Check the pin-pad for any signs for a PIN-snatching overlay
-
Check over your shoulder for anyone looking to steal your PIN number
15
December 17th - Cyber Security Tip #10
Insecure Public Wi-Fi Networks
When you’re out and about Christmas shopping, it might be tempting to connect to a public Wi-Fi network. However, it is recommended to avoid connecting to these as public Wi-Fi can easily be compromised by cybercriminals. An attacker would be able to direct you and your device to a harmful website or gather sensitive data.
17
December 18th - Cyber Security Tip #11
A Stressful Office Environment can lead to Mistakes
During the Christmas period, we're all under stress at home, in shops, online and at work. This high-stress time of the year is when cybercriminals hope to take advantage of you.
To minimise the risk of errors at work:
-
Double-check emails and text messages asking for personal or bank details, this maybe a phishing scam.
-
Don't assume that a text/email is from your boss or director at work, check with them personally especially when they ask for money or vouchers. This may be a CEO fraud scam!
-
Has your supplier emailed you asking for an invoice you weren't expecting? Pick up the phone and confirm the details with them, this might be an invoice scam!
18
December 19th - Cyber Security Tip #12
Do you need to advertise when your Christmas Party is?
Don’t advertise when you’re out of the office for your Christmas party, cybercriminals may use this time to try to infiltrate your network whilst your staff are away from the office.
If you are looking to share any Christmas party photos, do this after the event.
19
December 20th - Cyber Security Tips Video
20
December 22nd - Remote Working
What are the risks? How can you mitigate your risk?
With the continued rise of the number of freelancers, cybercriminals are beginning to shift their focus away from other targets and onto micro-businesses like self-employed freelancers. Freelancers tend to communicate a lot with people they don’t know personally, for example, prospective new clients and will regularly open new files in emails and share personal information in their inboxes such as invoices and PayPal details.
To stay secure when working remotely, look to ensure:
-
Make sure you have anti-virus software and an up-to-date firewall
-
Remember to back up your files and devices
-
Use strong, unique passwords and consider a password manager
-
Ensure your company has given you security awareness training
-
Obtain and achieve cyber essentials
22
December 23rd - Back to the Office Guide
When staff come back to the office, make sure they're secure
To minimise the risk of a cyber breach when coming back to the office, look to ensure:
-
Old passwords and accounts are updated. Don't forget to revisit any old passwords and change those which are most at-risk.
-
There are few things more important than sharing work documents remotely with colleagues and making sure you have a secure backup of your data in the cloud.
-
Out-of-date software, apps, and operating systems contain weaknesses. This makes it easier to hack, especially if your employees aren't keeping them updated. Check for updates today!
-
Have you thought about making sure your teams can continue to collaborate securely with a Working from Home Policy?
-
The most effective way to secure yourself in the digital world is to educate yourself and your staff. 80% of breaches could be prevented by ensuring your staff undergo Cyber Awareness training.
23
December 24th - Merry Christmas!
It's Christmas Eve!
Go and enjoy Christmas with your family and friends, we hope you found this Christmas Advent Calendar of Cyber Security tips useful!
24