Cyberattacks don’t stop in the summer and, in fact, they increase significantly during this season. Cyberattacks grow by around 30%, with the most frequent being phishing, CEO fraud, identity theft and ransomware. Cybercriminals take advantage of the fact that many companies and employees are on vacation to attack security breaches.
During the holidays, security measures tend to be relaxed, user attention spans decrease and online activity increases, creating an environment ripe for attacks. Phishing incidents, in particular, increase by 20-30%. In addition, criminals launch travel-related scams, such as fake offers for airline tickets, tours and hotels, taking advantage of those looking for attractive deals.
“During the summer, many companies operate with reduced staff and employees are more relaxed, which creates a perfect environment for phishing attacks,” says Victor Ronco, CEO of Zerod, adding that “attackers use more sophisticated and personalized tactics, targeting specific individuals within organizations, increasing the likelihood of success of their malicious attempts.”
10 tips to avoid cyber attacks
At a time when cybersecurity has become a strategic priority for companies, Zerod offers 10 tips to protect organizations against the growing number of cyber threats:
- Implement Multi-Factor Authentication (MFA): Multi-factor authentication adds an extra layer of security by requiring more than one form of verification before granting access to accounts or systems. The company should ensure that all employees use MFA to access critical resources, or even email.
- Update and patch systems and software: Before the holidays, check that all systems and applications are up to date with the latest security patches. Frequent updates fix vulnerabilities that cybercriminals could exploit.
Zerod provides 10 tips to ensure cybersecurity in companies after closing for vacation
- Perform backups: Before you hang up the closed for vacation sign, it is important to back up all important data and store it in secure, offline locations to protect against ransomware attacks.
- Raise awareness among employees about phishing: Phishing remains one of the most common threats and is only solvable with ongoing employee training on how to identify suspicious emails or text messages and avoid unknown links or attachments.
- Perform penetration testing: It is necessary to ensure that digital assets, from websites to company mobile applications, do not have any critical vulnerabilities that attackers can exploit. To do this, the best approach is to use external white hacking to detect and mitigate these potential risks in time.
- Set up alerts and continuous monitoring: Businesses should employ monitoring tools to detect unusual activity and threats in real time. Setting up alerts so that IT staff are immediately notified of any suspicious behavior is a lifesaver.
- Restrict access: Specialists should limit access to sensitive data and only authorized personnel can access critical information. In addition, consideration should be given to implementing ‘least privilege’ policies to restrict access to only what is necessary.
- Use secure networks: The use of public Wi-Fi networks to access business resources is discouraged. If remote work is required, the company should ensure that virtual private networks (VPNs) are used to keep connections secure.
- Control mobile devices: Mobile devices can be a gateway for attacks. Every company should implement security policies for mobile devices, including encryption, strong passwords, and the ability to remotely wipe data in case of loss or theft.
- Strengthen password policies: IT professionals should insist on the use of strong and unique passwords for all accounts. In addition, the use of password managers is advisable to help employees maintain secure passwords without difficulty.