November 8, 2022

With the holidays fast approaching, opportunistic cybercriminals are looking to take advantage of people’s online shopping activities and hectic schedules. Educating employees on how to avoid potentially costly phishing attacks, and conducting ongoing phishing simulations, can help keep businesses safe from cyberattacks this time of year.

Businesses can be the targets of cyberattacks year-round, but are especially vulnerable during the holiday season, as employees mix personal and business devices to buy gifts online, make travel arrangements, donate to charities and communicate with family members and friends.

Cybercriminals know employees are likely to be distracted during the holiday season and to relax their cybersecurity awareness practices. A recent report by cybersecurity consulting firm Cybereason noted that ransomware and phishing increased in November, December and January of 2021 and tended to occur on weekends and holidays, when fewer employees are around to detect and respond to attacks.

Think before you click

Phishing emails increase during the holidays and mirror the many unsolicited promotional emails people receive for Black Friday, Cyber Monday and other major shopping events. Cybercriminals offer coupons, deals and special offers that appear to come from organizations and brands that people trust. When an unwary recipient opens a malicious email and clicks on an attached file or link, doing so plants malware on the mobile phone, laptop and corporate system.

Watch out for all-too-common phishing emails this time of year that offer ‘amazing’ sitewide sales, claim that shipping information was incorrectly filled out or warn of other problems delivering a package or card to a coworker or customer. These scams direct recipients to a site where they are asked to enter a login or credit card information. To avoid becoming victims of these fraudulent schemes, employees should avoid opening emails from senders they don’t recognize or clicking on questionable links or attachments.

Don’t take a vacation from cybersecurity

A 2022 Global Risks Report by the World Economic Forum found that human errors lead to 95% of data breaches, and these errors are likely to occur when people are distracted.

Cybercriminals recognize that businesses may be stretched thin at the end of the calendar year when more employees tend to take paid time off. When out of the office, employees may temporarily transfer their responsibilities to others who have little to no experience, or fail to designate backups at all. As a result, cyberattacks can be overlooked or missed entirely due to a lack of experience, too many responsibilities and understaffing.

In preparation for the holidays, organizations should review their cybersecurity incident response plans, ensure contact information for participants is accurate and reinforce to all team members what their specific responsibilities are and what to do if incidents occur.

9 tips for avoiding cyberattacks during the holidays

  • Provide cybersecurity training and education to reduce the risk of human errors
  • Keep email, website accounts and devices separate for personal and work use
  • Check the sender’s email address. If you don’t recognize it, be wary of opening the message
  • Exercise caution when opening attachments or clicking on links unless you trust the source
  • Closely read the URLs of all sites where you log in or share, access or create sensitive data
  • Don’t log in to Wi-Fi networks you don’t trust
  • Educate through phishing simulations
  • Regularly test your cyber defenses
  • If you fall victim to a phishing attack and realize the mistake, report it immediately to IT

Traliant Insight

Especially during the holiday season, organizations should review and reinforce their security awareness plans, training and communication so that all employees know how to recognize and avoid phishing threats from cybercriminals. Educating employees on how to identify fraudulent emails, attachments and links can help ensure your organization doesn’t unwittingly gift its data and privacy information to fraudsters.



Mark Hudson