As the end of 2021 draws near, many of us are looking forward to a much-needed break, with many businesses shutting down and families preparing to re-connect and head away for holidays. But it’s crucial to take a moment to remind our customers to stay vigilant against cyber threats to ensure that businesses and their teams stay safe.
It’s such a busy time. Whether it’s the last-minute rush for presents or the scramble to snag a bargain in end-of-year sales, it’s a peak time for spending. Combined with a frenzy of parcel deliveries, and the added distraction of kids on school holidays and planning for long-awaited celebrations, it’s a perfect storm that cybercriminals are keen to take advantage of.
As partners, you know it all too well, but it’s pertinent to remind customers. Particularly as many of their teams will still be working remotely, so more than ever, they will be at risk of falling prey and in so doing, potentially exposing sensitive company information, finances, data, networks, and infrastructure.
Unfortunately, cybercriminals do not take a break in the holidays, in fact, the festive season and ‘out of office’ mode trigger them into action. Public and private spheres are equally at risk from threat actors. According to the FBI and CISA, “Recent history tells us that this could be the time when these persistent cyber actors halfway across the world are looking for ways – big and small – to disrupt the critical networks and systems belonging to organisations, businesses, and critical infrastructure”. Case in point: Colonial Pipeline and JBS Meats ransomware attacks both occurred over the holiday period.
It’s a cautionary warning to clients and their businesses as we head into 2022, that cyber threats are highly likely, and prevention is better than a cure. On that note, here are some tips from the FBI, CISA, and our learnings here at MailGuard that may be helpful to share with your clients, in the hope for a safer and more cyber resilient 2022.
- Revisit your cyber security posture. It’s highly recommended, especially for critical infrastructure businesses and entities (i.e., those working within communications, information technology, energy, healthcare, food, and financial sectors) to implement best practice and baseline mitigations to help mitigate any potential risks posed by cyber threats. Read more here: ‘Defending Cyber Threats: Have You Implemented the Baseline Essentials?’
- Make an offline backup of your data. This includes encrypted backups and the regular testing of backups, as well as checking the backup schedule to consider disruptions during the holiday period. Maintaining backups offline is an important mitigation process against cyber threats as ransomware variants often attempt to find and delete or encrypt accessible backups.
- Employee Resourcing. Identify key personnel, IT & Infosec, or others who will be available and required during weekends and the holiday period in the event of an incident or ransomware attack.
- Password Best Practice. Including MFA and mandating strong passwords across the company, and ensuring passwords are not reused across multiple accounts. Implement best-practice password protection measures, particularly multi-factor authentication for remote access and administrative accounts. For easy to implement tips: ‘Password Best Practice: A Must-Have Layer of Cyber Defense’
- Remote Desktop Protocol. The FBI and CISA recommend that if you must use RDP or a similar service, to ensure that it is secure and monitored, due to the high risks attached. Ensure that your customers and their teams are clear on RDP policies and processes.
- Stay ahead, stay protected against zero-day email threats. Beware of and remind employees and teams of malicious email scams like phishing, ransomware, and BEC. At this time of year, cybercriminals use phishing emails as a primary vector in delivering cyber attacks. It’s important that customers and employees do not click on any suspicious links and are aware of the red flags associated with a phishing scam. One wrong click could result in a ransomware attack or data breach, with data being sold on the dark web and more serious follow-on criminal activity, shutting down a business in a flash. Additionally, stay alert for other social engineering techniques and tactics that cybercriminals use at this time, such as spoofing reputable and trusted businesses with fraudulent sites, credential stealing, and tricking staff with fake and unencrypted financial transactions.
Here are some helpful guides that you can share with your customers to ensure that the holiday period is a safe and cyber-secure one.
- The Parcel Impersonators: Staying Protected from Parcel Provider Email Fraud in 2021
- Building Cyber Resilient: 6 Practical Solutions for Managing a Hybrid Workforce
- “The worst year ever”: 5 Lessons on Ransomware from 2020
Keeping businesses protected
Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be an open dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 282 2
UK partners call 0 800 404 8993