Organizations experience 30% more ransomware attacks during the holiday season, with a 70% average increase in attempted ransomware attacks in November and December compared with January and February. Many factors converge to make defending our infrastructures more challenging, such as increased online transactions and a shortage of IT resources as employees go on vacations.

Yet, the holiday period is critical for many businesses. Downtime can be particularly costly, causing financial losses and tarnishing a company’s reputation. Chief information security officers (CISOs) should proactively implement strategies and protect their infrastructures against hacking months and weeks leading up to this busy time of the year. 

Here’s how to keep your business safe.

The importance of cybersecurity awareness during the holiday season

A lot happens during the end of the year, making it most challenging to defend a complex IT infrastructure. For example, many employees take time off and are out of the office. With fewer IT resources, it’s harder to identify and fix issues immediately, leading to vulnerabilities and giving hackers a bigger window to infiltrate your systems or exfiltrate data.

Most people—including your employees—are busy preparing for the holidays while trying to wrap up year-end processes. The frantic pace often causes people to let their guard down. For example, they’re more likely to click on phishing emails promising deals and discounts and less likely to follow cybersecurity best practices to prevent attacks.

Some employees may work from home or on the road during the holidays, accessing your systems, networks, applications, and data from places without secure Wi-Fi. Additionally, the increase in login locations and Internet Protocol (IP) addresses can make it harder for security teams to identify abnormalities and contain suspicious activities promptly.

Top holiday cybersecurity tips for CISOs

With so many things going on, where should you focus your resources? We’ve pulled together a list of cybersecurity tips for the holidays to help prioritize your efforts:

1. Automate digital certificate renewals
2. Educate employees about phishing scams
3. Establish an incident response plan for the holiday period
4. Implement passwordless solutions
5. Conduct certificate discovery pre-holiday
6. Exercise caution with public Wi-Fi and hotspots
7. Update website and software to eliminate vulnerabilities
8. Consolidate external vendors and services
9. Run daily website backup
10. Lock down privileged accounts

1. Automate digital certificate renewals

Expired digital certificates (e.g., SSL / TLS certificates) may cause outages and service disruptions or expose sensitive data exchanged between browsers and your website server to cyberattacks. They can also trigger browsers to display a warning message, discouraging people from visiting your website and costing you sales during this critical time.

Track certificate expiration, and take care of renewals before the holidays. Also, implement a strategy to handle renewals and revocations when key staff members aren’t available. Automating your certificate lifecycle management (CLM) with a trusted, enterprise-grade platform like Sectigo Certificate Manager helps you ensure that nothing falls through the cracks.

*** This is a Security Bloggers Network syndicated blog from Sectigo authored by Nick France. Read the original post at: https://www.sectigo.com/resource-library/10-holiday-cybersecurity-tips-for-cisos