Shut for the holidays? Beware, cyber-criminals may play while you're away
Shut for the holidays? Beware, cyber-criminals may play while you're away

While the holiday season is traditionally thought of as a quiet period in the digital B2B world, the 2017 festive season could be quite the opposite.

As we wind down for the holidays, it's tempting to switch off completely and run a skeleton crew to monitor network security and performance. But, after a year of devastating data breaches, it's inevitable that a high percentage of businesses will suffer at the hands of cyber-criminals this holiday season. 

The quiet time in between Christmas and the New Year is the perfect opportunity for criminals to take advantage of any gap in network security, and much of this criminal activity has been well planned and prepared for some months, waiting to catch enterprises unaware.

So, what can your business do to prevent, or at least minimise and contain, a full scale cyber event during the holidays? 

Deck the halls

Being fully operational during the holidays is critical. Security teams need to be very risk averse from around September. It's essential that IT teams complete patching, updates and changes to their networks before high volume traffic times hit so they can focus on responding quickly to network events and security issues. 

Monitoring during peak times is critical. Companies need a 24 hour, seven-day-a-week view of what's happening on their networks. Monitoring can flag both operational issues, in terms of optimising network performance, and malicious issues such as, would-be hackers looking to steal customer data. 

Companies need to dedicate more time and resource to testing site and application performance, using dedicated network recording solutions to reduce discovery time surrounding these issues. Being able to dig into packets gives companies the ability to troubleshoot and discover where problems lie on the network. 

The fact is network performance issues have the potential to cost businesses millions of pounds per minute. This is where set-up and preparedness comes in.

Review your security rules 

On average, around five new cyber-threats are discovered every day that are capable of exploiting network vulnerabilities, disrupting normal business functions and leading to the loss of critical data. This presents a real problem for IT managers operating complex defence-in-depth security strategies. The best defence is to keep security rules 100 percent up to date to keep pace and maintain an optimum security posture.

Mind your backups

Regardless of whether an issue is performance related or malicious, businesses need to be able to quickly identify exactly what's happening. Even something as simple as setting backups to run in parallel with other business-critical network events can cause mayhem. 

In theory, backup traffic should have low priority compared to other types of business-critical traffic, which should get preferential treatment. But unfortunately, that's not always the case –how many times have we heard about a performance issue that turned out later to be caused by a rogue backup using up too much bandwidth?

Checking backups are working correctly is also important. Make sure that backups are being checked carefully over the break. Are they completing correctly? Is there enough space?
 

Remind your staff about Phishing emails

Christmas is a great time for attackers to camouflage their phishing and whaling activity. At this time of year staff are even more likely respond to “special offer” emails or notifications about shipping delays or flight cancellations or even that email from the boss asking for an urgent wire transfer. 

So, send out a timely reminder to staff to take extra special care to check their emails carefully before they click on any links. Just because it looks like it came from someone they know doesn't mean that it did.

Take care of basic housekeeping 

As with any business that has an increase in visitors for Christmas, basic housekeeping must be kept up. This means more staff training, more focus on patching and standardising and possibly a move away from BYOD, simply because of the multitude of security variables it can introduce to any network. Initially businesses thought letting employees use their own devices would increase engagement and possibly even save them money. But the reality is that BYOD has simply proven very hard to regulate and the risks it poses too difficult to protect against. 

Those employees who do come in over the quiet Christmas period may have more time on their hands than usual, so make sure they understand what are safe and acceptable downloads, and what are not.

With the right plans, practices and network monitoring in place, companies stand a good chance of weathering the holiday period and minimising the damage of breaches. The combination of keeping security rules up to date and having 100 percent network visibility will give companies a belt and braces approach to detection and auditing, which will significantly accelerate response times to keep networks safe this holiday season.  

Contributed by James Barrett, senior director EMEA, Endace

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.