How to Limit Data Breach Exposure During the Holiday Season

Put an incident-response plan in place, and train employees to avoid holiday-related scams

Your workplace might slow down or close for an extended break during the holidays, but cybercriminals are still on the job, trying hard to breach your organization’s data and earn themselves an illegal holiday “bonus.”

Given that more and more of your employees may be using the same devices both for work and personal activities, the risks of a data breach rise around the holidays, as staffers travel, shop online, and give to charitable causes. Now is the time to get your team ready for cyberthreats during the holiday season, so you can limit exposure to damaging breaches.

Beyond fostering a cybersecurity-aware workforce, it’s vital to plan your pre-breach incident response. The truth, as revealed in an Advisen survey, is that most organizations lack adequate resources to detect and respond to data breach threats. This puts them at risk for the costly fines, lawsuits, and reputational harm that often follow a breach.

Here are a few simple steps your organization can take to reduce the odds of experiencing a breach—and how to plan your response before an incident occurs.

Develop a Pre-holiday Cybersecurity Refresher Course

Cybersecurity training should be conducted across your organization on at least an annual basis, in order to improve information retention and to account for ever-evolving threats. Given the amplified risks associated with the holidays, right now is a good time for an employee refresher.

Train Employees to Avoid Common Holiday Scams

Your training should include information about common holiday-related scams. In particular, as more and more employees work remotely, the risk of phishing scams, in which fraudsters seek to capture a person’s data or plant malware through fake, malicious links, is greater than ever. This risk only increases as online activity ticks up during the holiday shopping and travel season.

The FBI warns consumers not to click on “suspicious links or attachments in emails, on websites, or on social media,” as these may be phishing scams. This advice is echoed by the Cybersecurity and Infrastructure Security Agency (CISA), which adds that consumers should also be careful about emails “requesting support for fraudulent charities or causes.” Meanwhile, the Federal Communications Commission (FCC) advises consumers to watch for package delivery scams, specifically regarding fraudulent calls or notifications about package delivery.

Advise Employees to Use a VPN

Another key part of your cybersecurity training should be to caution employees about the risks of public Wi-Fi, whether they’re working remotely or traveling for the holidays. The Federal Trade Commission (FTC) cautions consumers about using public Wi-Fi, as these open networks are susceptible to bad actors spying on people, infecting devices with malware, or connecting people to fake websites designed to steal personal data.

Employees should be advised to install a Virtual Private Network (VPN) tool such as SafeWiFi, offered as part of an IDX Employee Benefits Plan. By encrypting the internet connection so that cybercriminals can’t access a user’s personally identifying information, SafeWiFi enables protected use of public Wi-Fi.

Have a Comprehensive Breach Plan in Place

Prevention is important. But regardless of how well you’ve prepared your employees to avoid becoming victimized by cybercrime, breaches can and do happen, and they often result in catastrophic reputational damage and loss of revenue for the organization. A report from the Ponemon Institute and IBM found that the average cost of a data breach is $4.24 million.

It’s critical to prepare for a data breach before it occurs, and that means proactively establishing a relationship with an experienced incident-response partner like IDX.

Having a comprehensive incident-response plan at the ready, coupled with a workforce that’s been trained to recognize common scams, puts your team in strong position to avoid a data breach and to mitigate the damage should one occur. That’s a holiday gift any organization would love to get.