The holiday season is upon us, and for many businesses, it’s the busiest time of the year. Amidst the chaos of long lines and increased foot traffic in your business, the last thing you want to worry about is a security breach.
The bad news is that a single compromised password can take the jolly “Ho! Ho! Ho!” right out of your profitable holiday season.

This time of year is known for an increase in cybercrime targeting small to mid-size businesses. In fact, one study showed that attempted ransomware attacks in November and December were 70% higher than in January and February of the same holiday season.¹ The Grinch is just as busy as Santa this time of year.

Why?

Three reasons:

• During the holidays, businesses often hire seasonal workers to help with the workload. These seasonal workers are given temporary access to company systems but often do not go through the same cybersecurity awareness training as the company’s regular staff. As a result, the seasonal staff are more susceptible to an array of ways cybercriminals try to get unsuspecting employees to provide them with access to company data.
• The high volume of transactions that take place during the holiday season provides a corresponding high-traffic environment across the company’s IT systems. This mass usage of systems creates an opportunity for hackers to exploit vulnerable access points and steal sensitive data.
• Many employees are distracted by the holiday rush and may not be as vigilant when it comes to security protocols. They may be more likely to fall for phishing scams or click on suspicious links, putting their personal information and company data at risk.

Because you are a diligent business owner, you already know that employee education is essential in protecting your company’s operational and customer data.

That education starts with the BIG BUILDING BLOCK of password security training. Here are some password safety tips to ensure your employees are doing their part to keep your business safe.

1. Strong Passwords: The easiest way to prevent unauthorized access to your business’s data is to require strong passwords. Encourage your employees to use a minimum of 10 characters, combining letters, numbers, and symbols. The best practice is to use a password manager to generate (and remember) strong passwords for you.

Avoid using pet names, birthdays, or common phrases as they are easily guessed by hackers. In addition, require your employees to change their passwords at least once every quarter.

2. Two-Factor Authentication: Two-factor authentication (2FA) adds an extra layer of security to login processes by asking for a second form of verification. Common forms of 2FA include a code sent to the user’s phone or email, or the use of a fingerprint scanner. Enable 2FA on all company accounts, including email, financial, and point-of-sale systems.
3. Don’t Share Passwords: Employees should never share their passwords, regardless of the circumstances. This includes sharing passwords with coworkers. Additionally, employees should avoid writing down their passwords and storing them in easy-to-find locations. Instead, encourage employees to use the password management software you have in place to keep track of passwords. (If you don’t currently have enterprise-grade password management tools in place, we should talk soon.)
4. Be Wary of Phishing Attempts: Hackers often use phishing attempts to gain access to sensitive data. Employees should be skeptical of all emails and texts asking for sensitive information such as passwords, social security numbers, or credit card information. Encourage employees to verify the authenticity of the request by calling the sender or checking the company’s website for information.
5. Update Software Regularly: Security updates are released regularly for all software systems, including operating systems, web browsers, and apps. These updates often contain security patches to fix vulnerabilities that can be exploited by hackers. Encourage employees to update software regularly and enable automatic updates where possible.

Cybersecurity threats are a year-round issue, but the risk is higher during the holiday season. Encourage employees to follow these password safety tips to protect your business’s sensitive data. Remember to lead by example, making sure you follow these tips and update your business’s security policies regularly. By emphasizing security awareness, you can work to keep your business safe during the busiest time of the year and beyond.

Just one more thing…

One of the reasons that businesses like yours struggle with providing cyber-awareness training and supervision for current and temporary staff during the holiday season is understaffed IT departments. After all, your IT team deserves a break during the holiday season too, right? If your business is under-resourced in cybersecurity personnel, let’s talk about helping you get the protection your business needs throughout this holiday season.