Cyber Security at Christmas

Andy Williams famously sang that Christmas is 'the most wonderful time of the year' and, with an estimated more than two billion people celebrating the holiday across 160 countries, it may be hard to argue against him.

Families and friends gather to spend precious time together. Whilst, for those in the Northern Hemisphere, temperatures drop, and snow settles.

If you consider yourself one of the more organised people, Christmas shopping is complete well ahead of your December 25th deadline. However, others (including a few of us in the Fifosys office!) will continue to find ourselves scrambling on Christmas Eve.

Irrespective of your shopping habits - or ability to plan gifts - one thing is indisputable: Christmas is the busiest time of the year for many sectors. But, as with anything busy and profitable in the modern world, danger could be lurking just around the corner.

Christmas 2020: The year we shopped online

For millions around the world, Christmas 2020 was one unlike any other. An early November lockdown - the second in a year for those in the UK - meant that non-essential stores had to close their doors for the busiest time of the year.

Choirs couldn't gather on high streets, town centres looked desolate, and local businesses desperately tried to provide the festive cheer from a safe distance. Instead, most of us relied on online shopping to get our gifts, as shown by an 80% rise in online purchases compared to 2019.

This rise paints a contrast to a 2019 survey, which found that 64% of UK shoppers prefer to shop in person compared to online. Thankfully, the outlook for 2021 is a little more optimistic, and some form of normality has returned - despite the pandemic still being an issue.

But, just as the Grinch tried to steal Christmas from the residents of Whoville, could Amazon and co be about to steal Christmas from the high street?

I'm Dreaming of a Digital Christmas?

“Customer demand is getting back on track ahead of Christmas as sales grew at a faster rate than the month prior, and well above its pre-pandemic levels", said Helen Dickinson OBE, Chief Executive of the British Retail Consortium.

And, whilst not everyone is rushing to get back to shopping centres or their local high street, much has been learned from 2020's digital approach to shopping.

In light of its biggest holiday season ever, Amazon has ramped up their attempts to repeat its fortunes, announcing plans to create 20,000 seasonal jobs. 

Amazon's attempts to maintain the shift to online have not flown under the radar, with publications such as Wired producing pieces such as the recent article titled: The high street is racing to stop Amazon from stealing Christmas. Here, an exert reads, "The pandemic-induced shift to online spending has forced traditional retailers to throw themselves into a serious game of catch up."

All of this comes before Black Friday or Cyber Monday - or supply chain issues - even get considered. But, if Christmas 2020 was the year we went digital, with 2021 continuing that trend, could the repercussions be felt in places that go beyond the high street?

'Tis the Season to be Vigilant?

Supply chain shortages have undoubtedly played their pair in making shelves appear a little bare in recent months. Whilst we won't ever claim to be experts in shipping, it doesn't look like stock issues will be resolved before Christmas. 

Unquestionably, this will drive people to outlets such as Amazon - as mentioned earlier - amongst other online retailers. But, one factor that has now embedded itself as part of your Yuletide: security. And, we're not just talking about keeping your house secure from those who don't live there - Santa excluded, naturally.

For many of us, Christmas is a time to take our foot off the gas. Some of us may drink a little too much, others may spend time with family and friends, whilst most of us will definitely be guilty of eating way too much. Regardless of how you spend the end of your December, it's unlikely that work is front of mind throughout, all of which is music to the ears of a cyber criminal.

Avoiding those on the Naughty List

We may not need to remind you just how busy Christmas can get, but when you consider it from the perspective of a cyber criminal, it may be the equivalent of open season.

In a recent global cyber security briefing, Deloitte said: "Credit card data is the new currency for hackers and criminals, and retailers possess a lot of it, making the retail industry an almost irresistible target for cyber-attacks."

So, how can you protect yourself from joining the list of people hacked? In many instances, the burden starts with the retailers you shop at. And, with criminals already hitting over 4,000 retailers recently, it could be worth asking what can those in the retail industry do to stay safe?

Previous blogs published on our site have shown how and why cyber security is too big of a threat to tackle alone for a business these days. But, if you need a short checklist of what you can do to keep secure as an organisation, look no further:

• Consider a short cyber security session for your employees. It may not be as fun as your Christmas party, but as we collectively relax, your security should not suffer.
• Ensure access to sensitive information is only issued on a need-to-know basis.
• Keep on top of the active accounts for your employees. If a member of staff has left, revoke their access.
• Love or hate onions, there is a lot to be learned from their layered approach for cyber security. Partnering with an MSP can offer you a multi-layered defence, so you're best placed to deal with attempted attacks.
• Rolling out updates regularly can prevent malicious outsiders from exploiting vulnerabilities.
• Consider running a Dark Web report to see if any of your staff's credentials have leaked. We run them free - learn more here.
• Back up all of your data.

But, if you're simply trying to do your Christmas shopping, what can you do to stay safe?

Keeping Christmas Full of Cheer - Not Fear

Due to the ever-increasing complexity of cyber attacks, experts have already confessed that there is no longer 'one true way' to protect companies and organisations from threats. Whilst this may be worrying news to a business trying to go it alone, it means that so long as you remain vigilant, you should be ok. That is, provided you follow basic cyber security principles.

Here, we have listed five basic steps you can take to stay safe, with your only worry being how you can quietly return that ugly jumper a distant relative bought you:

• Just as Santa will be checking his list and checking it twice, you should be checking EVERYTHING twice before clicking or inputting sensitive information. That goes for emails, websites or downloads - if something doesn't look right, you had no intention of doing what it asked in the first place, or have never heard of the company on your screen, don't do anything it asks. This handy guide goes a long way to helping identify a secure website.
• Many of us will have a lot of free time as December 25th creeps closer, so some will spend a lot more time on social media because of this. One thing you should be incredibly cautious of is posts seen often on sites such as Facebook, or Twitter, that a cousin, aunt or uncle may have tagged you in. Typically, these will let you know mundane things such as your 'Superhero Name!', or 'What the Future Holds for you!'. Sounds great in principle, sure, but they rely on potentially sensitive information, such as your date of birth, addresses and colour of the car you drive - common traits in many passwords. Just don't do it. If you're worried your accounts have been breached, check haveibeenpwned.com.
• Use a password manager - with different passwords for every site you visit. 92% of us are aware that using the same or a variation of the same password is a risk, but 50% of us continue to do it regardless. Create strong, unique passwords and then use a password manager to safely store these, well away from prying eyes.
• 'Being customer-centric, e-commerce sites and apps are also under pressure to be highly user-friendly, which often means leaving out important security measures like two-factor authentication that would create friction', says IT Pro. But, where possible, enable two-factor authentication on any accounts you make to shop. Doing so gives you an extra buffer, with any unexpected messages coming to your phone a way to let you know your credentials may have leaked. 
• Of course, as technology evolves, many of us want to have smart homes - but be cautious of smart devices! Said best by the NCSC, the number of connected devices in the average home or office is rising fast. Unfortunately, so is the number of incidents caused by common vulnerabilities in these products. Implement unique passwords on all new devices you may receive and keep your home safe.

The Last Word

The above lists, whilst not definitive, are a good starting point for staying safe online this Christmas. For more information, head to our website to read more blog posts, articles, or contact us to hear how we can help.

Christmas is a time to celebrate, even if you choose not to acknowledge the holiday. The last couple of years have been hard for all of us, so if you're able - and willing - take the time to celebrate accordingly. Part and parcel of being online in the Digital Age is the importance of cyber security, and with our help, we can ensure the only surprises you deal with are wrapped up under your tree - more Silent Night and less Cyber Fright.