Cyber Security Holiday Season Risks

With most businesses and people winding down for a well-deserved break over the holiday season, it’s important to be aware that cyber security risks increase over the holiday season. This is due to a number of factors ranging from people being less vigilant about cyber security in holiday mode, through to traveling, which generally exposes people to a variety of cyber threats, as they may be using unfamiliar networks and devices.

During the holiday season, there is a significant increase in online activity through internet shopping, financial transactions, and social media interactions, all of which provides more opportunities for cybercriminals to target both individuals and organisations.

Phishing attacks and scams

Cybercriminals exploit the festive atmosphere to launch phishing attacks and scams. They may create fake holiday promotions, shipping notifications, or charitable appeals to trick people into revealing sensitive information or clicking on malicious links. Over this last week there has been a phishing attack targeting Commonwealth Bank of Australia customers through a message advising that their bank account will be blocked due to suspicious activity. The message contained a link to a highly realistic clone of the CBA website, with all of the hyperlinks on the page connecting to the actual CBA website. A person who “verifies” their bank account through the cloned website will discover that all of their connected bank accounts have been almost instantaneously emptied out.

The holiday season also creates opportunities for social engineering attacks, where cybercriminals manipulate individuals into divulging sensitive information or taking actions that compromise security of their organisations. Posting real-time holiday photos on social medial accounts increases this risk.

Reduced staffing and vigilance in businesses

Many businesses and organisations operate with reduced staffing during holidays, or even shut down. This leads to slower response times to cyber security incidents, creating opportunities for cybercriminals to exploit vulnerabilities. St Vincent’s, Australia’s largest non-profit healthcare provider was hit by a cyberattack this week, resulting in data being stolen from its networks.

In a statement on Friday, St Vincent’s Health Australia said it was working with the Australian government and state-level officials to resolve the cyber incident, which began on Tuesday. St Vincent’s has stated that is has not affected its ability to deliver patient and residential care services, but rather than enjoying Christmas with their families, some St Vincent’s staff and contractors  are busy working to secure and contain the incident and understand what data may have been accessed and stolen.

How to Reduce Cyber Security Holiday Season Risks

To help protect your digital security over the holidays and while traveling, consider the following precautions:

General precautions

  1. Beware of phishing: Be cautious of unsolicited emails, messages, or links, especially when traveling. Cybercriminals may try to exploit your unfamiliarity with local conditions or services to trick you into revealing sensitive information. Even Scanning an untrusted QR Code can be risky, as you don’t know in advance which URL your device is being taken to.
  2. Back up your data: Before traveling, back up your important data to a secure cloud storage service or an external hard drive. This ensures that you won’t lose critical information in case your devices are lost, stolen, or compromised. Where possible, back-up your data whilst traveling to a secure cloud service.
  3. Secure your social medial accounts and be cautious on social media: Be mindful of what you share on social media while traveling. Posting your exact location and travel plans can make you an easy target for both physical and cyber threats. If you are someone who likes to post while traveling, then lock down your social media profiles so you can control who’s seeing what you post. Most social media platforms have an option to only allow friends to view your content. Travel photos can be used to track where you are, right down to your accommodation. So consider only posting locations that you’ve already left – and never post pictures of your accommodation while you’re still there.
  4. Use two-factor authentication (2FA): Enable 2FA for your online accounts. This adds an extra layer of security, requiring you to provide a second form of verification (such as a code sent to your phone or an authenticator App) in addition to your password. This is always recommended, not just when you are traveling.
  5. Use secure connections and only shop from reputable websites: When making online purchases, stick to reputable and well-known websites. Look for secure payment options (such as PayPal) and ensure the website’s URL starts with “https://” in the URL and has a padlock symbol in the browser’s address bar.
  6. Update and secure devices: Ensure that all your devices (smartphones, laptops, tablets) are updated with the latest software and security patches. Set strong passwords, use biometric authentication where available (Face ID, fingerprints etc), and enable device encryption.
  7. Be aware of unsecure IoT devices: Many people receive or gift smart IoT (Internet of Things) devices as Christmas or holiday presents. Many IoT devices come with default usernames and passwords, which users often neglect to change, especially while they are in relaxed holiday mode. They have weak or non-existent authentication mechanisms and may transmit data over the network in an insecure manner. Cybercriminals can exploit this by using default credentials to gain unauthorised access to the device. If not properly secured, these Internet of Things (IoT) devices can become entry points for cyber-attacks on your home or business network.
  8. Monitor your financial statements: Keep a close eye on your bank and credit card statements for any unauthorised transactions. Report any discrepancies to your bank immediately.

Travel specific precautions

  1. Use a Virtual Private Network (VPN) whenever possible: A VPN encrypts your internet connection, making it more difficult for hackers to intercept your data. It also allows you to access the internet through a secure server, which is important when using public Wi-Fi networks. If you don’t have access to a VPN via your work, or want to use a different VPN, check out this list from Cyber News: Best Mobile VPN Apps in Australia – August 2023 – Cybernews.com
  2. Avoid public Wi-Fi: Public Wi-Fi networks are often less secure and can be exploited by attackers. If possible, use your mobile data or a secure hotspot instead. If you must use public Wi-Fi, connect through a VPN to encrypt your data. If you are travelling overseas and worried about data use, then consider an eSim mobile package.
  3. Disable auto-connect: Turn off the automatic connection to open Wi-Fi networks. This prevents your device from connecting to potentially malicious networks without your knowledge.
  4. Secure physical items: Keep your devices physically secure. Use a lock or secure your laptop and other valuable electronics in your hotel room safe when not in use.
  5. Avoid public computers and other shared devices: Never use public computers for sensitive tasks like online banking or accessing personal accounts, as they may have malware or keyloggers installed. Avoid using shared direct-to-USB port charging stations. Rather use your own plug and cable to charge your devices, or a charged battery pack. If you need to use a shared charging station, use a USB data blocker, which will block data transmission via the USB port but still allows your phone to charge.
  6. Ensure you can remotely wipe a lost device: If your device is lost, remember to quickly take steps to ensure the date on your device doesn’t fall into the wrong hands. This can be done on all iPhone and most Android devices. For Windows laptops, you will need to have first enrolled your computer with Microsoft Intune.

As we all embrace the holiday spirit and look forward to well-deserved breaks, it’s crucial to remain vigilant in the face of escalating cyber security risks. The combination of reduced vigilance during holiday mode, increased online activities, and travel-related vulnerabilities creates an ideal environment for cybercriminals to exploit unsuspecting individuals and businesses. Whether you are at home or traveling over this holiday season, adopting precautions such as enabling two-factor authentication, using secure connections, and staying informed about potential threats can significantly enhance your digital security.

Wishing everybody a safe, enjoyable and cyber-safe holiday season!

Contact CyBiz if you run into any problems in your digital lives.

Posted in Blog, General

Tagged , , , , , ,