Every Who Down in Whoville Liked Christmas a lot...
But the hacker, Who lived on the dark web, Did NOT!
The hacker hated Christmas! The whole Christmas season!
But he saw an opportunity, for one good reason...
Cyber attacks increase by about 30% during public holidays such as Christmas and UK Bank Holidays.
Don't let the copyright-appropriate 'Green person who steals Christmas'* take away the festive spirit in your school or trust. Before schools shut up shop for the year, the Secure Schools team is here to share some tips, tricks, and easy-to-adopt ways of thinking to reduce the risk of attacks from cybercriminals* in your schools over the winter break.
It can be difficult to pay proper attention to what dangers might sneak into our emails, social media messages, and newsfeeds in the build-up to Christmas.
Secret Santa invites, special offers, and party invites from unknown/different providers are likely to bombard your inboxes over this time. As always, be mindful and vigilant before clicking any links or entering details on any third-party platforms.
A recent study shows that up to 45% of employees who get distracted during the holiday period fail to effectively comply with their organisation's cybersecurity policies. It's crucial to remain on top of your school or trust's policies and act on these as you would any other time of the year. Hackers know this is a time when things can tend to slip, so do what you can to keep them from stealing Christmas for your incident response teams!
We've already had Black Friday, and it's full steam ahead for Christmas gifts and other holiday celebration purchases. December is, by default, a profitable month for retail sales.
Unfortunately, it can also be a profitable month for cybercriminals. Taking advantage of the spending fever, hackers may use a series of attack methods that require little technical resources and that are easy to launch:
Spear phishing is also at its most prevalent during the Christmas season. Be mindful of suspicious emails or text messages from your ‘line manager’ or ‘Senior Leadership’ asking for urgent action. This is even more common for finance staff and budget holders, with ‘critical’ transaction requests or details. As always, remain vigilant and look out for tell-tale signs of suspicious activity, and report it to the correct person in your school.
Everyone needs a break, and cybercriminals know that the holidays are an opportune time to strike.
That doesn't mean we need all hands on deck over the holidays, but it does mean defences need to be robust and systems updated before you close your doors for the break:
The holidays are a time to rest, recharge and spend time with your loved ones. With the mindful approach to cybersecurity we outlined above, you can go into your breaks feeling more secure about your school's cybersecurity posture. There is no perfect way to prepare, but taking some, if not all of the actions listed above will make it much more difficult for cybercriminals to ‘steal Christmas’.
You can find more guidance to assess, plan and strengthen your school's cybersecurity posture in The School Cybersecurity Handbook. Click here to download for free.