Setting You Up to Shutdown: Protecting Your Business Over the Festive Period

As many businesses prepare to close their doors for their annual Christmas shutdown, it is important to make the resume work as seamlessly as possible by shutting down effectively. Unlike us, cyber criminals do not take a break; they typically work more, as highlighted by a recent study, Thrivedx, highlighting a 30% increase.

During the festive period, it is important to remain vigilant despite the heightened distractions in your own or your team’s personal and professional lives. This blog will cover some of the preparation steps your business can take to make the shutdown as secure as possible.

Asset Security

Whilst asset security might seem like the obvious point to consider, many businesses fail to consider risks in a variety of key areas, including:

• Secure Assets Storage: Many team members will take their work devices or other company property home, often when they do not usually, during the festive break. Ensuring these assets are kept secure both in the office and at home ensures no malicious activity can be physically carried out and also that the device is not stolen or damaged.
• Inactive devices Inactive devices can act as a sitting duck, ready to be captured by a cybercriminal with nobody to monitor. Devices that are not being accessed, such as desktop PCs, laptops, and work mobile phones, should be kept powered off when not in use. Moreover, removing them as an entry point for attackers can help improve the longevity of these devices.

Anticipated Threat Mitigation

As discussed in our previous blog, ‘Don’t Let Festive Scams Ruin Your Business’, threats amplify during weekends and public holidays. There is a large variety of threats that can be anticipated to rise due to their prevalence in the current threat landscape. These threats include:

• Ransomware Ransomware is currently a very common threat that encrypts a victim’s files, making them inaccessible. To regain access, the victim is instructed by the cyberattacker to pay a ransom.
• Social engineering: Social Engineering is the use of psychological manipulation of individuals in order to gain unauthorised access to sensitive data, systems or buildings. It works by exploiting vulnerabilities in human nature and trust, often replying on urgency, fear or curiosity to deceive victims. Common examples of these attacks include

o?? Phishing emails

o?? Malicious QR codes

o?? Vishing (Telephone phishing)

o?? Business Email Compromise (BEC)

For further details about these attacks, please read our previous blog, ‘Don’t Let Festive Scams Ruin Your Business’.

?

• Utilise Multi-Factor Authentication (MFA) Add an extra layer of security to as many services as possible with multi-factor authentication. Multi-factor authentication is the practice of
• Enforce strong security policies Ensure protection by mandating security measures. These could include measures such as:

o?? Strong password policies, encouraging the use of secure passwords and the mitigation of password reuse. A way to facilitate this is by providing and encouraging the use of password management software, such as our software of choice, Keeper.

o?? Enforced software updates. It’s no secret that software updates provide a huge security boost to your device or application. Ensuring these updates happen across your business's full estate ensures no device or application is left out from vital software patches.

• Consider a Cyber Insurance Policy Cyber insurance is a type of insurance that protects against losses caused by cyberattacks. It varies from policy to policy but typically covers incidents such as data breaches, ransomware attacks and system failures. Did you know that with Cyber Essentials certification, you get a baseline of cyber insurance for your business with an included liability policy?
• Infrastructure security Use technologies such as a firewall or Intrusion Detection System (IDS) to monitor and lock down your network to prevent unauthorised access. You should also have regular backups of all important data, whether it is stored locally or in the cloud at a secure offsite location.

?Preparing to shut down can be a daunting task. However, it is critical to ensure no nasty surprises greet you in January when you return to the office.

CTRL-S can help you get your business ready to switch off for the festive period and geared up for a seamless return in the new year. Get in touch today to let us know your biggest challenge in shutting down.