From online shopping to family Zoom calls, we spend plenty of time over the Christmas period online. However, while we occupy our personal time on the internet over the holidays, businesses also need to think about their own digital presence. Even if you aren’t in the office, your website is still available online – as are many of your digital assets.

Christmas can be a fruitful period for cybercriminals, as businesses tend to be slower to respond to any breaches of their systems. Preventing this means having measures in place to protect your systems while you are away, and the means to respond quickly if something does occur. Here are five cyber security tips to protect your business over Christmas, and get the New Year off on the right foot.

• Complete a cybersecurity audit

As our previous articles demonstrate, there are many ways to improve your cyber security, both structural and procedural. Some of these will persist through Christmas, while others may only impact on your methods of working. In either case, the Christmas holiday is an ideal time to ask yourself: does your cyber security still work effectively?

Think when the last time was that you assessed your security strategy, and whether it has adapted to the substantial changes of the past few years. Has your cybersecurity strategy shifted to accommodate remote working, or was this left by the wayside? Have you scaled up or down, or implemented new technology that brings with it new risks?

Although sometimes referred to as a checklist, a cybersecurity audit is, in fact, much more than a superficial review. By undertaking a cybersecurity audit, you’re conducting an analysis of your entire IT infrastructure, from individual hardware to your networks and cloud systems. Its purpose is to find any flaws or oversights in this infrastructure that could present a cybersecurity risk.

Cybercriminals are very good at adapting to new technologies and circumstances, and can be more agile (and better informed) than businesses on new tech, particularly if they lack the knowledge and responsiveness of a good IT department or IT service provider. A cyber security audit is a great place to start your year, and a launching pad for more regular vulnerability scans and penetration tests to keep new threats at bay.

•  Protect your devices

One aspect of your IT infrastructure that may not be completely isolated over the holidays is your company devices. Whether it’s emergency calls and emails or personal use of a company laptop, work devices can often find themselves being used outside of a work context. In some cases, this could include using them on unprotected networks, such as in cafes or airports, and potentially exposing them to theft or loss.

Strong passwords are always important, but they aren’t enough protection by themselves, particularly when it comes to online intrusion. When it comes to using company devices, encryption is the real key to keeping them secure. This will not only stop cybercriminals from accessing stolen files, but can also help to prevent data falling into the wrong hands in case of loss of theft.

For mobile devices, this will be in the form of a passcode or pin code. Fingerprints and other biometric security protections should generally be avoided to bypass encryption, as they can be spoofed. On Windows, BitLocker should be enabled, while Mac users should employ FileVault. Both softwares are built-in, and both offer an effective – yet often overlooked – security control to protect valuable business data.

• Keep regular back-ups

The cloud, digital transformation, the modern workplace, and artificial intelligence all represent the new age of information technology. We’re all seemingly embracing it, and surging into the future with it. But however advanced hardware and software get, one concept of computing that will never change is data backup.

We always recommend using managed back-up services, as they give you the best chance to recover a maximum amount of data, whatever the scenario. Managed backup services ensure that your data is protected in any environment, regularly uploading copies to physical or virtual hardware, to private infrastructure, or to the Cloud.

• Implement two-factor authentication

Hand in hand with passwords, multi-factor authentication (MFA) is an easy way of adding an extra layer of security to your online accounts. MFA works by requiring an additional layer of security on top of passwords, forcing you to confirm your identity before being able to log in. It works by giving you a code every time a login attempt is made, which needs to be entered on the website or in the app to proceed.

This is normally achieved through the use of a companion app, text message, or email. None of these methods are impervious – email accounts and mobile devices can both be susceptible to being hacked – but the mobile methods in particular add a layer of location-specific security. This can help to secure accounts without adding complexity, or the requirement to memorise another password, something your employees will appreciate.

•  Keep your devices updated

The end of the year is always a good time to make sure all your affairs are in order. An easy step is to make sure you go into the New Year knowing that computers and apps are up to date with the latest versions, security patches, and bug fixes. This will plug any backdoors and fix security flaws that could heighten the risk to your systems while you’re away.

Take this opportunity to encourage staff not to dismiss or delay updates – they exist for an important reason. In an office environment, people may feel pressured not to update their systems because this can take a long time, and prevent them from working. Apart from being a sign that your hardware needs updating, you should find time to allow them to update their systems – or have somebody do this outside of your usual working hours.

Want more cyber security tips? 

Sota offers an extensive range of Managed Cyber Security solutions, helping to protect individuals and businesses from data breaches and other threats. To discuss your cyber security strategy or for any other information about IT services, get in touch with Sota today.