The Data Breach You May Have Narrowly Avoided Over the Holidays
We’ve turned the corner on the holiday season, but it’s important to understand the increased risks to equip your business with the best security practices for the year.
With the holidays having just passed, it’s a great time to review the types of risks you may have narrowly avoided falling victim to. The holidays don’t just mean presents and snow — they also mean an increased risk of a data breach for companies around the world.
Due to factors like more employees working remotely, increased phishing attacks hoping to capitalize when users are vulnerable, and a general decrease in maintaining secure practices, the holidays are full of opportunities for bad actors to take advantage. Though we’ve turned the corner on this holiday season, being aware of the potential risks is the best way to stay secure year-round and eventually prepare yourself for the 2020 holiday season.
Why Do Breaches Increase During the Holidays?
There are several factors that come together to create the perfect storm of increased data breach risk during the holidays. First of all, hackers know that many people are shopping and searching for deals during this time. That means that phishing attacks increase substantially during this period through targeted offers that capitalize on this vulnerability. These offers ask that users submit their credit card information to take advantage of a deal, and then proceed to steal this information. For example, employees working over the holidays are often specifically targeted with spear-phishing campaigns offering gift card deals or discounted airfare.
Another major factor in increased risk is that during the holidays, employees are far more likely to work remotely than any other time of year. Given that many employees do not follow good cybersecurity protocols when working remotely in general, this increase during the holidays in combination with the increased number of attacks poses a real danger of data breach.
According to a study by T-systems, 24% of employees access work-related documents and emails using free Wi-Fi hotspots and 28% use their personal email to send and receive work documents during the holidays. Public Wi-Fi hotspots are known to be extremely insecure and vulnerable to communication interception by cyber criminals, while exchanging emails on personal devices invariably means lower security than using corporate devices. When your employees engage in these practices, your organization is inevitably opened up to potential attack.
The simple truth is that companies are particularly susceptible to attack during the holiday season — a fact that hackers are keenly aware of. During this time, many companies reduce their defenses, going so far as to not change the code for their mobile applications or websites for extended periods. This is often done out of fear that the systems might break down during peak traffic, all while many IT professionals are away on vacation, leaving no one to fix the issues.
Companies That Have Been Attacked
Every year, there are major companies that fall victim to data breaches during the holiday season. Last year, Macy’s, Kay Jewelers, Jared, Adidas, PoshMark, and Planet Hollywood all experienced serious data breaches. The diversity of these victims highlights a key point that is often forgotten when companies consider their own vulnerability to hacking: every company has data that can be monetized on the internet’s black markets, meaning that every company is a target — no matter its focus or its size.
The biggest reason that companies are vulnerable to hacks is that they do not invest sufficient resources into their cybersecurity, often without considering the fact that the financial repercussions of a data breach are far greater than the cost of preventive security measures. According to a Gartner report in 2016, companies only spent 5.6% of their IT budgets on security, while the costs of a data breach can easily be in the millions (or even billions), not to mention fines and legal settlements.
One recent example that demonstrates the concrete and immediate financial costs of data breach — beyond the potentially permanent costs due to loss of trust and reputation among customers — occurred in early 2018 when Under Armour experienced a breach. Following the announcement of a breach of the 150 million user accounts that were tied to the company’s MyFitnessPal nutrition-tracking app, the company’s shares immediately fell 4.6%.
How To Prevent a Data Breach
Clearly, it is critical that companies take precautions to stay safe from a data breach — throughout the year and especially over the holidays. There are a number of steps companies can take to better arm themselves against hackers that range from security awareness training to investing in quality cybersecurity solutions.
The first thing companies can do is educate their employees about cybersecurity best practices, including avoiding vulnerable Wi-Fi connections and not sending sensitive work documents and information through their personal email. As employees are often an organization’s weakest link, it’s key that they are aware of how to detect and avoid phishing scams.
Companies then need to evaluate their security infrastructure and see where they can improve. The unfortunate reality is that, despite best efforts, the holidays are a difficult time to stay on top of threats. In fact, many may need additional support to prevent a devastating breach. The cybersecurity experts at Turn-key Technologies, Inc. (TTI) can help provide that support. When employees step away from the office for the 2020 holiday season or anytime during the year, having managed services and cybersecurity expertise at your disposal will help protect you around the clock.