The holiday season brings downtime for a lot of businesses and lots of shopping, gift-giving, and holiday-inspired travel for consumers. But it also presents a challenge to organizations: behind the scenes, bad actors aren’t taking a holiday, and in fact, their cyber attacks will only increase.

Is your business prepared for the increased threat of a cyber attack as you and your employees embark on festive holiday outings?

The Holiday Season is a Big Opportunity for Hackers

In 2021, cybersecurity incidents increased by an average of 30% across the holiday season. This wasn’t a one-off exception, either – it follows an ongoing historical trend. So why does this time of year see such a spike in cyber attacks?

Hackers Take Advantage of the Downtime

The holiday season occurs at the end of the calendar year. Between a lineup of holiday parties and family gatherings, planned downtime for holiday closures, and the fact that most organizations slow down at this time of year – this is a time when intruders are more likely to attack and get through.

Tis the Season for Overwhelmed Inboxes & Inattentive Staff

With the increased consumer activity spanning the entire holiday season, retailers have their eye on maximizing profits. And that means lots and lots of email campaigns funneling into the inboxes of shoppers. Aside from an overwhelming number of messages, there is a bigger risk lurking in the holiday-season volume.

Phishing emails become a lot more difficult to detect – leaving employees who are focused on celebrating the holidays to weed them out. In short, it’s more likely that an employee might act on a malicious link or message without even realizing it.

A Crime of Opportunity

Another reason that hackers love the holidays is simply that they occur at the end of the year. Why is the timing significant? A lot of initiatives in business are planned around the calendar year – and almost nobody is looking to kick off a revamp or implement a new protocol in December.

Those big projects are often slated for Q1, when annual budgets are refreshed, and employees are mentally ready to start something new.

How Can Organizations Prepare for Winter Holiday Cyber Threats?

It should be clear now that businesses are a little extra vulnerable during the holiday season. But what’s more alarming is that 36% of organizations say they have no “specific contingency plan in place to mount a response.” After all, the average cost of recovering from a cyberattack can be nearly $5 million.

Implementing proactive cybersecurity measures is essential, but with the clock quickly ticking down to the holidays, you may be looking for some more immediate actions. Let's focus on the things you can implement today.

1. Stay Vigilant in Recognizing Malicious Emails

As we all collectively tune out from business as usual during the holiday season, it’s easy to simply overlook subtle clues you might have otherwise caught. Still, as cyber threats increase, it’s more important now than ever before to recognize subtle differences in email addresses, sender names, and URLs.

For example, a hacker could spoof any well-known brand name and re-route traffic from a domain like to This subtle, but serious difference can be a multimillion-dollar mistake or a thwarted attempt.

Pro Tip: Complete refresher cybersecurity awareness training with all employees just before the holiday season each year to satisfy both annual requirements and to serve as a reminder for holiday-season vigilance.

As a final reminder, take the time to make sure that everyone has up-to-date security software and a quick reminder not to click on unsolicited links or download sketchy media – regardless of how adorable the e-card might be.

2. Update Your Business Software

Speaking of which, ensure that your software, from operating systems to anti-virus, is up-to-date. While even up-to-date software isn’t foolproof, these updates are a crucial part of a complete approach to security. Outdated and unpatched software present greater opportunities for attacks by hackers – and 55% of all programs installed on computers running Windows are outdated.

Consider employing a next-gen managed detection and response (MDR) system for your endpoints and cloud. Many MDR’s come with a staffed 24x7x365 security operations center.

This simple step can help you reduce your risk, and potential headaches, during the holiday season.

Pro Tip: Tools like anti-virus software should be your last line of defense, not your first. As you look to the new year, consider how you can become more proactive with your cybersecurity, with tools like cybersecurity awareness training, phishing testing, and managed detection and response.

3. Avoid Free WiFi Connections While Traveling

Free WiFi can be great for surfing the web in the airport or a coffee shop, but it’s terrible for cybersecurity. Businesses need to understand that their employees will travel more during the holidays for a variety of reasons–and that travel means more exposure to free, unsecured WiFi connections.
When possible, consider using a personal WiFi hotspot instead, such as tethering to your cell phone or using a mobile hotspot device.

In 2016, a seemingly ordinary USA Today columnist was hacked mid-flight through the airline’s WiFi. He was cheekily writing a column about whether or not a big Apple vs. FBI security debacle mattered to everyday folk. At the time, he didn’t really see the big deal or why the case was making headlines. But that all changed after his emails were hacked while using the in-flight WiFi on his airplane.

Pro Tip: Do not allow employees to access company resources from an open or free wifi connection.

The Takeaway on Holiday Season Cybersecurity

The holiday season is a time to celebrate, but organizations must still remain vigilant. Hackers have plenty of opportunities to exploit employees and businesses during the holiday season. These bad actors take advantage of this timing to execute some of their biggest attacks of the year.

Start keeping your organization safe by taking some foundational steps, like staying focused on malicious emails and messages and keeping software up-to-date. But while these steps are important, with cybersecurity insurance premiums rising and bad actors finding new and more creative ways to attack, it may be time to consider managed cybersecurity services for your business.

A partner like Ceeva will help you have complete confidence in your organization’s IT security, so you can rest easy during the holidays.

Free Cybersecurity Essentials Handbook for Small Organizations