It’s the holiday season, a busy season for cyber crime, you’re the number one item on a cyber criminal’s wish list. When you are at your busiest, identity thieves and hackers see opportunities to take advantage. People shop more—both in stores and online—providing additional opportunities for personal and financial information to fall into the wrong hands. Families gather together, potentially opening themselves up to identity theft during travel. Employees are distracted, so they are more likely to make mistakes with email.
Identity Thieves Hone in on Busy Shoppers and Travelers
While you’re making plans for the holidays with family and friends, cyber criminals are looking for opportunities to steal your identity and commit financial frauds. Between 2014 and 2018, there was a 109% increase in holiday identity fraud.1 There are five ways individuals experience greater risk of identity theft around the holidays:
- You’re distracted. As you rush around to stores and holiday parties, you’re more likely to forget your purse, lose your wallet or have a credit card stolen. When you’re distracted, you are less likely to spot a phishing email before it’s too late.
- You use public WiFi or charging stations. Public WiFi networks are not secured by a password, and when you use your device on an open network, your data is at risk of being stolen. The best rule is never to use public WiFi and especially not for financial transactions and shopping. A newer vulnerability exists at public charging stations. Data thieves hack into these stations and “juice jack” unsuspecting victims’ devices by pulling data through the USB cords on phones.
- You are bargain hunting online. Research shows that 43% of holiday shopping identity theft occurs online.2 One minute you’re Googling frantically for hard-to-find holiday gifts and the next minute, you’ve suddenly found them in stock and unbelievably priced for a fire sale. Watch out! This is how bargain hunters get suckered into fake web stores. They steal your card number and identity…and you don’t even get the items you bought.
- Your credit card gets “skimmed.” Sometimes thieves insert a credit card skimmer inside the card machines in gas stations, retail stores or restaurants. Unbeknownst to the store, every customer’s credit card information is being swiped by cybercriminals.
- You fall for a holiday charity scam. You’re feeling extra generous during the holiday season and you give generously when asked for charitable donations. Unfortunately, some criminals use fake charities to tug on your holiday heartstrings. Do your homework before donating.
The Holiday “Human Factor” Leaves Businesses Vulnerable
The risk of a business data breach or ransomware also rises during the holidays. Cyber criminals look to take advantage of busy, distracted employees during the end of the year. Not only are businesses closing out their quarterly accounting, for many the end of the calendar year is also their fiscal year-end. From sales to accounting to customer service and support, employees are overworked and often short-staffed this time of year.
Knowing this, hackers and cyber criminals step up their efforts to get into your business network. They just need one tired, distracted employee to open the wrong email, click the wrong link, or get sloppy with protecting their network credentials. From October through December, there’s a 50% increase in phishing email attacks.3 And according to the Verizon Data Breaches Investigations Report, about 9 out of 10 data breaches begin with phishing or social engineering.4
Business leaders need to instill an increased sense of diligence among employees during the holiday season. Update employees about the risks. You should already have an anti-phishing training program in place, but it is a good idea to offer employees a refresher before the busy holiday season. Do a few unannounced phishing drills as well. Instill a culture of open communication and team vigilance instead of a culture of blame about phishing. Everyone makes mistakes and if it happens, you want employees to self-report quickly.