‘Twas the night before Christmas, and all through the network, not a creature, was stirring, not even a virus. When out on the server, there arose such a clatter, the technician sprang to their portal to see what was the matter.

Yes, while Santa and his elves are making toys for millions of children around the world, hackers are making mischief and more. MSPs need to be aware of the inherent threats that are a part of the holiday season. They also need to be willing, more so than other times of year, to go above and beyond network maintenance, and into a little human maintenance.

Education and awareness are two of the most powerful tools

Security awareness training needs to be deployed with extra vigor during the holiday season. Some threats could dupe an employee but have little effect on the network, whereas others go beyond scamming a shopper and can instead leave an entire system exposed.

Whatever the threat, MSPs should do their part to mitigate them. As hackers seek to leverage advantages during this time of the year, businesses find themselves crushed with online threats. Some say that targeted phishing attacks are like the Grinch lurking in the Christmas shadows.

SmarterMSP reached out to a cross-section of experts, from employers to MSPs to professors, to come up with a different kind of holiday gift list that may not result in any presents, but will deliver the gift of a hack-free holiday. Here are some items to help keep systems safe as the Yuletide carols play:

Hackers capitalize on chaos: Remember that hackers are human; they know that the holidays are a swirl of deadlines, office parties, in-laws, and online orders. A person who might not fall for a phishing email any other time of year might do so now. An email purporting to be from an online retailer wanting a credit card number re-entered that would be ignored in July might be acted upon on a busy December morning. Everyone within the ecosystem needs to slow down and be aware.

Holiday-themed emails deserve extra scrutiny: Because hackers thrive on chaos, MSPs and their clients need to monitor communication extra closely. Is the email from accounting about the end-of-the-year holiday bonus bogus? People may let down their guard come the hectic days of December. If an email, phone call, or text has a holiday tie-in, that should put everyone on high alert.

Beware of phone calls: Fewer and fewer people seem to answer their phones these days, as messages get left in a maze of voicemails. But when someone does get through, it is often during these harried holidays that they’ll catch someone when their guard is down. MSPs need to make sure clients know that under no circumstances should they give out passwords or other network login credentials to unauthorized callers. When in doubt, call the person back. This proper “phone hygiene” should be in place year-round, but it needs to be emphasized in December.

Piling on extra servers: While crypto attacks have slowed down this year, that doesn’t mean your system can’t be compromised. Miners seeking to gulp extra power for their crypto operations know that various educational campuses, technical schools, and manufacturing facilities shut down over the holidays. So why not tap into that latent bandwidth to do some crypto mining? MSPs need to monitor network activity during these downtimes to make sure a school’s downtime isn’t a miner’s uptime.

Planes, trains, automobiles, and cybersecurity: Everyone’s in a rush to finish last-minute work, so they can get to the holiday party on time. All stakeholders — whether it’s an MSP owner taking client work on the road or travelers with company laptops — need to resist the temptation to log in to the airport coffee shop’s free WiFi, leave laptops lying around, and minimize location sharing. These are all common-sense tips at other times of the year, but during the craziness of holidays, corner-cutting can be appealing and disastrous.

Happy patching: We’ve stressed the importance of patching, but cybercriminals know the weak spots, and they know that if you’re buried under holiday deadlines, they’ll probe for weaknesses. Make sure to apply any patches that you’ve been putting off doing.

Limit personal email at work: Many employees check their personal email while working on the company PC. That can be a problem year-round, but during the holidays it can be a bigger problem. That urgent email from “Amazon” telling someone to click on a link to check a package status can be tempting as Christmas creeps closer.

No, the boss won’t tell you to buy gift cards: A common holiday ruse is a carefully crafted email from “the boss” directing an employee to go out and buy a bunch of gifts so they can be distributed as holiday bonuses. And, oh, by the way, I’m so busy right now, and I want to make these “virtual gift cards.” Please email me the numbers and codes and dispose of the cards. The problem is, the email wasn’t from the boss.

A little extra awareness, a commitment to the basics, slowing down amidst the crush, and MSPs that are willing to go a bit beyond the scope of simple network maintenance, can result in fewer Grinches and more holiday cheer for the whole new year.

Photo:  MorganStudio / Shutterstock

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

One Comment

  1. Avatar

    Great Points

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *