Your Holiday Cybersecurity Checklist

Did you know that cyber incidents spike by as much as 30% over the Christmas holidays? With reduced staffing and the festive spirit in full swing, cybercriminals see this as their perfect moment to strike. Vigilance is important as we navigate the holidays. To help you stay one step ahead, we’ve put together quick a cybersecurity checklist for actions your organisation can take that you may not have thought of.?

We won’t cover obvious tasks such as making sure the front door of the office is locked. However, we will suggest a few items that should make your list that you might have otherwise neglected.?

Beware of Increased Phishing Attempts?

Cyber criminals love celebrating the festive cheer with holiday-themed phishing scams. Train employees to recognise these tactics: such as fake gift offers, shipping notifications, or charity donation requests. Reinforce general phishing awareness, emphasising the dangers of clicking suspicious links, downloading unexpected attachments, or responding to unsolicited emails.??

We find that you can’t really do enough awareness training. Vigilant, security aware employees are your first line of defence.?

Establish an Emergency Communication Channel?

Emergencies won’t wait until the new year! Set up a dedicated communication channel, like WhatsApp or Signal, specifically for incident response, and for your incident response team.??

Ensure everyone knows how to use it and restrict its usage to emergencies to avoid the white noise of normal communications channels. This quick-response tool can save valuable time in case of a real incident.??

No one wants to be bothered during the break but knowing when it’s a real emergency can save a lot of heartache and prevent further issues in the future.?

Focus on Patching?

During the holidays, cybercriminals will bump up efforts to search for unpatched systems to exploit. Review your systems for vulnerabilities and prioritise patching known issues, especially those disclosed in recent months. Schedule updates now to avoid disruptions later. Proactively securing your systems will reduce the risk of exploitation and strengthen your overall security posture.?

If you have an automated vulnerability management platform, make sure you have a way for on-call members of your team to notified of any high or critical vulnerabilities.??

Turn off Non-Critical Systems?

This one is a little bit left field, but reviewing your IT environment and identifying systems that are not essential during the holiday period — such as UAT systems and other non-essentials that aren’t going to be used — can be good threat mitigation. Powering down these systems reduces your attack surface, making it harder for attackers to exploit unused assets. As a bonus, this also saves costs (especially if you’re cloud based) while ensuring your security focus remains on critical infrastructure.?

Restrict Sign-Ins for Offline Accounts?

For accounts that won’t be in use during the break — especially those belonging to overseas or seasonal teams — restrict sign-in capabilities. This minimises the risk of unauthorised access while users are offline. Temporary account restriction can be lifted easily after the holiday, ensuring a secure and smooth return to work.?

At Security Centric, we know the Christmas season brings unique cybersecurity challenges, and we’re here to help you navigate them with confidence. From phishing awareness training and incident response playbooks to guidance on turning off non-critical systems and restricting accounts, we provide tailored solutions to protect your organisation.?

Our team specialises in reducing attack surfaces, ensuring robust security processes, and helping you implement practical steps to safeguard your business against the ever-evolving cyber threat landscape. While it is likely too late to engage us this side of the new year – the above advice can help you with locking down until you can!?? ?