“The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest” Inglis and Neuberger wrote. “Unfortunately, malicious cyber actors are not taking a holiday and they can ruin ours if we are not prepared and protected”.

Christmas & holiday season is the worst time of the year for your organization to suffer a data breach. Forecasters are predicting that US retail and ecommerce sales will jump 42% in the 2021 holiday season. With increased financial and email activity, more chances arise for personal data theft. In order to prevent attacks during the upcoming holiday season, Inglis and Neuberger recommended that organizations take steps including patching vulnerable systems, multi factor authentication on sensitive accounts, increasing cyber security awareness training for employees and backing up data.

Let’s take a closer look at Cybersecurity during holidays. We will discuss how your organization can prepare for advance threats.

The FBI & CISA highly Recommended Mitigations:

The FBI and CISA highly recommend organizations continuously and actively monitor for ransomware threats over holidays and weekends.2  Additionally, the FBI and CISA recommend identifying IT security employees to be available and “on call” during these times, in the event of a ransomware attack. The FBI and CISA also suggest applying the following network best practices to reduce the risk and impact of compromise.

Make an offline backup of your data.

    • Make and maintain offline, encrypted backups of data and regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups.
    • Review your organization’s backup schedule to take into account the risk of a possible disruption to backup processes during weekends or holidays.

Do not click on suspicious links.

      • Implement a user training program and phishing exercises to raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments and to reinforce the appropriate user response to phishing and spear phishing emails.

If you use RDP—or other potentially risky services—secure and monitor.

      • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require MFA. If RDP must be available externally, it should be authenticated via VPN.
      • Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts, log RDP login attempts, and disable unused remote access/RDP ports.
      • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for a business purpose (e.g., RDP Transmission Control Protocol Port 3389).
      • Disable or block Server Message Block (SMB) protocol outbound and remove or disable outdated versions of SMB. Threat actors use SMB to propagate malware across organizations.
      • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
      • Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
      • Open document readers in protected viewing modes to help prevent active content from running.

If you use RDP—or other potentially risky services—secure and monitor.

      • Upgrade software and operating systems that are no longer supported by vendors to currently supported versions. Regularly patch and update software to the latest available versions. Prioritize timely patching of internet-facing servers—as well as software processing internet data, such as web browsers, browser plugins, and document readers for known vulnerabilities. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which network assets and zones should participate in the patch management program.
      • Automatically update antivirus and anti-malware solutions and conduct regular virus and malware scans.
      • Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices. (See the Cyber Hygiene Services section above for more information on CISA’s free services.)

Use strong passwords.

      • Ensure strong passwords and challenge responses. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.

Use multi-factor authentication.

      • Require multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.

Secure your network(s): implement segmentation, filter traffic, and scan ports.

      • Implement network segmentation with multiple layers, with the most critical communications occurring in the most secure and reliable layer.
      • Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allow lists.
      • Scan network for open and listening ports and close those that are unnecessary.
      • For companies with employees working remotely, secure home networks—including computing, entertainment, and Internet of Things devices—to prevent a cyberattack; use separate devices for separate activities; and do not exchange home and work content.

Secure your user accounts.

        • Regularly audit administrative user accounts and configure access controls under the principles of least privilege and separation of duties.
        • Regularly audit logs to ensure new accounts are legitimate users.

Have an incident response plan.

        • Create, maintain, and exercise a basic cyber incident response plan that:
        • Includes procedures for response and notification in a ransomware incident and
        • Plans for the possibility of critical systems being inaccessible for a period of time.

Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

        • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
        • Implement multi-factor authentication for remote access and administrative accounts.
        • Mandate strong passwords and ensure they are not reused across multiple accounts.
        • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
        • Remind employees not to click on suspicious links, and conduct exercises to raise awareness.

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

Merry Christmas Cybersecurity and Happy New year!!

By protecting addressing cybersecurity in your organization, you can enjoy the holidays safe in the knowledge that risk are minimized. Also, Its important to remember that cybersecurity threats don’t just exit during the holiday season and Cybersecurity layer is very important in your business. A cyber attack is a terrible experience no matter what the time of the year. It’s good idea to consider cybersecurity in your organization with TechPolygon Next-Gen technology cybersecurity service provider. @TechPolygon,LLC