Cyber security: It’s the most vulnerable time of the year

‘Tis the season to be vigilant.

While many businesses and individuals have been getting ready for Christmas parties, swapping Secret Santa presents and preparing for the festive break, cyber criminals are readying themselves for one of their busiest times in the year.


So, why is cyber crime rife during the festive period?

Although it’s always important to be on the lookout for potential phishing and ransomware campaigns, the holiday season provides a rich source of opportunities for cyber criminals to target organisations and individuals.

Reduced staff numbers, vulnerabilities within online systems and applications, and festive season stress provide the perfect environment for cyber criminals. Criminals will often look to take advantage of companies inadvertently dropping their guard at this time of year.

Just some examples of the methods cyber criminals use as a way of accessing data and stealing money include:

  • Setting up fake e-commerce websites
  • Sending malicious emails, including those purporting to be updates from delivery companies
  • Generating social media scams containing too good to be true offers

Recent high-profile cases at this time of year include the Guardian Media Group and Arnold Clark. Both these businesses fell victim to cyber attacks in December 2022, with personal data stolen and shared as a result.

Steps to help protect against cyber attacks

In the run up to the festive period, organisations should take steps to help protect themselves and reduce the risk of a cyber attack on their systems, including:

  • Remind employees to be vigilant and report any suspicious activity or communications
  • Have strong passwords (three random words) and use two-factor authentication wherever possible
  • Continue to scan your networks and applications for vulnerabilities, taking action to address any identified risks
  • Confirm if a 24/7 monitoring structure should be in place and, if so, what outsourced services or on-call rota can help support this
  • Ensure all software is up to date and any security patches installed.
  • Perform regular backups of systems and data and monitor their success
  • Maintain offsite copies of backups (including the use of cloud services).


We are here to help

If you have any questions in relation to cyber risks or what steps to take to help protect your organisation, please get in touch with your usual Azets advisor or a member of our specialist Cyber Services team.