top of page
  • Writer's pictureJared Thompson

Keeping your Business Secure over the Christmas Holidays

Out of the office doesn't mean out of mind - remember to keep your business secure over the Christmas holidays!

Picture this; the clock is close to striking five on Friday, 24th December; keys in hand, you’re ready to lock the office doors and send your staff home for the holidays. You’re already daydreaming of relaxing by the fire with a glass of mulled wine. But this gets rudely interrupted at 4.55 pm when all your systems go down.

Would you know who to call if you found yourself in this situation? What actions would you take if it was on Saturday or between Christmas and New Year's Day? Would you know how to reach your key contacts if there was a total system lockout?

Don't leave your defences down at Christmas

At Christmas, when your business defences are down, and there’s an extended period where the majority of the workforce is out of the office, it presents a prime opportunity for a cybercriminal to buy more time and poke around your systems undetected.

In the days leading up to 4 July in the USA, a cybercrime gang infiltrated US IT firm Kaseya and posted a $70m ransom demand on the business’ blog on Independence Day. It had global repercussions affecting more than 1,000 companies in their supply chain.

But you don’t need to be turning over millions to attract the bad guys; micro and smaller-sized enterprises are uniquely at risk. Your business’ digital door may be shut, but are you confident it’s locked securely? It doesn’t take much for hackers to barge their way in and gain access to sensitive data. If vulnerabilities aren’t appropriately identified and fixed, you could become repeat business for online criminals.

A report by telecom giant Vodafone found that:

More than 1.3 million small and medium-sized businesses across the UK could fold given the cost of an average cyberattack, which government data states is nearly £8,500!

We hope this never happens to you!

Ways to protect your business this Christmas

Organisations and business owners are now gearing up for the Christmas period, which means radars should be on a higher alert due to increased risk exposure and more of your staff heading off for annual leave.

We can’t stress enough how important having a security plan is for SMEs like yours. The National Cyber Security Centre has provided preparatory guidelines in five simple steps - think of this invaluable resource as your response and recovery bible - to weaken some impact should an attack occur.

12 Tips for Businesses to Stay Secure this Christmas

  1. Use a Password Manager to keep track of your passwords - don't write them down on Post-it notes!

  2. If you receive a scam email or text message, don't click any links or attachments if you’re unsure it is genuine. Clicking a link in a phishing email could download viruses onto your computer or steal personal information. Send to the Suspicious Email Reporting Service: and forward any suspicious text messages to 7726.

  3. If you purchase any new devices this month, don't forget to install the latest updates and patches. Installing the latest updates can stop criminals from exploiting old systems or software faults.

  4. When you use different passwords for your important accounts, it can be hard to remember them all. A good way to create strong, memorable passwords is by using 3 random words. (For example, purplehollypudding71!).

  5. Avoid giving hackers the toolkit to attack your website; make sure you have a website firewall installed, update your CMS and control access management.

  6. When creating backups, keep them separate, in a different location from your network and systems, or in the cloud.

  7. When you're out shopping, use mobile data or hotspot devices instead of public Wi-Fi where possible.

  8. Don’t advertise when you’re out of the office for your Christmas party, and post the office Christmas party photos after the event. Cybercriminals might try to hack your systems if they know staff are away.

  9. Keep your social media accounts secure by knowing which staff members have access and which devices are signed into each account.

  10. Two-factor authentication (2FA) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA includes single-use codes sent via SMS, email, phone, or smartphone application.

  11. Download our Cyber Security Guide for Small Businesses for an overview of the basics, and stay secure when you’re heading back to the office with our handy guide.

  12. Take advantage of our free support for businesses in Greater Manchester - we're offering a fully-funded package of support which includes training, 1-2-1 consultation and 12 months free membership.

Got a security plan in place but want further support? The Cyber Resilience Centre can assist you with our Cyber Advent Calendar and these additional options:

Security Awareness Training – the key to security awareness training is to equip all your employees with a level of awareness to combat online threats. Employees need to be taught what clues to look for that indicate threats and how to respond when they see them. We’re currently offering free training, policy templates and memberships to any businesses based in Greater Manchester - Learn more here.

Cyber Essentials – this is a government scheme that helps you make your business more resilient against cyber-attacks. Cyber Essentials includes £25k insurance for SMEs and immediate access to a helpline to support you in the early stages of a cyber-attack. So there’s someone there for you 24/7/365. To learn more about that process, we have several cyber essentials partners who can work with you to achieve the qualification.

We aim to lend a hand to SMEs in the North West of England, so please get in touch if you want to know more about this or anything cyber-related. Here’s to a restful and problem-free Christmas and a Happy New Year!


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page