Christmas: the optimal time for cyber crime

With only six weeks till Christmas, your planning for the festive rush is doubtless well underway. Your marketing plans were made well in advance and are being successfully executed, you’ve started advertising your seasonal deals across your website, you know you’ve got extra sales coming your way and have prepared to fulfil them, you’ve got extra staff in your warehouse and in your call centre, your stock is high, and you’re ready for the increased demand that the festive shopping season will bring your way. It’s going to be a good Christmas for your business. Isn’t it?

But have you forgotten anything? One thing that’s often overlooked is the effect of all that extra web traffic on your servers. You’re planning to take advantage of the seasonal increase in online shoppers, but can your website cope with them? Whether you use your own servers or outsource your hosting to a third party, one thing’s for sure: customer connectivity is essential to commercial success. If the extra visitors your website attracts cause slow performance – or even a crash – then you’ve wasted a lot of hard work and lost a lot of custom.

The importance of customer connectivity at Christmas cannot be overstated – and neither can cyber security. If you’ve rushed to get extra bandwidth, make sure you’ve got your security planned in. Christmas may be your busiest time of the year, but it’s the busiest time of the year for hackers and cyber criminals too.

How to combat the festive cyber crime onslaught

Criminal hackers love the winter holidays. Obviously, they enjoy crisply crunching through silent snowdrifts and warming themselves in ancient inglenooks as they knock back mulled wine and roasted chestnuts while raucously roaring carols – that should go without saying. But they also love the increased criminal opportunities the holidays bring.

The festive period is frequently cited by cyber criminals as the best time of the year to engage in corporate hacking. Indeed, a 2009 survey of anonymous Defcon attendees found that 56% of cyber criminals thought the winter holidays the optimal time to hack corporate computers. Why?

Large numbers of employees using up their annual leave to spend time with their families means there are fewer people actually working – and those who are in the office have their minds on other things. They’re doing their Christmas shopping (one in five Brits do all their Christmas shopping online), they’re exchanging festive greetings and silly seasonal emails with their friends, they’re relaxed… they’re more susceptible. Their guard is down.

So, as the year moves inexorably towards its close and your employees start to turn their thoughts from meetings to mince pies, criminal hackers are dusting off their black hats and getting down to work. How sure are you that your organisation can withstand the biggest onslaught it’ll see all year, which will fall at the most financially sensitive time of the year? How sure are you that your staff will be able to deal responsibly with the increase in attacks? Are your cyber defences up to the job?

If you’re not entirely sure, don’t worry: although Christmas is fast approaching, you’ve still got time to protect your organisation from attack, but you need to get on with it.

Cyber Essentials

Launched in 2014, Cyber Essentials is a government-backed cyber security certification scheme that provides a set of five controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials. According to the government, implementing these controls will prevent around 80% of cyber attacks.

There are two levels of certification to the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.

  • Cyber Essentials requires a company to complete a self-assessment questionnaire, which must be signed off by a senior company representative and then verified by an external certification body. An external vulnerability scan is also required if the company chooses to be certified by a CREST-accredited certification body such as IT Governance.
  • Cyber Essentials Plus requires a more advanced level of assurance. In addition to meeting the requirements of Cyber Essentials, organisations must undergo an internal assessment and internal scan conducted on-site by the certification body.

More than 1,200 organisations have already achieved certification to the scheme. Certification demonstrates to customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.
