12 Tips for a Cyber Safe Christmas


It’s that time of the year when many of you will be preparing for festive celebrations, family gatherings and the all-important office Christmas party. We hope you all have fun during this joyous period, but remember to stay cyber safe. Security of data, assets and people is our mission, so we have complied ’12 Tips for a Cyber Safe Christmas’. Whether you’re browsing for business or leisure, there’s something for everyone. Our guidance includes Christmas tips on: shopping securely online, protecting new devices, working safely from home, festive fraud tactics and much, much more. We have also provided some important contacts that may be useful, but hopefully you won’t need to use over the holidays. Enjoy!

Wishing you a very Merry Christmas and a Cyber Safe New Year!

Click the image below to view our 12 Christmas Tips as a fun, interactive Advent Calendar (desktop only)
12 Tips for a Cyber Safe Christmas: Advent Calendar

1: Away for Christmas?
Many of you will be spending the festive holiday period with friends and family, which can leave organisations with reduced staffing levels and/or unavailability of key resources. This can pose a big problem for businesses dealing with an information security or cyber incident. It’s a good time to review your company’s disaster recovery/business continuity plans, to ensure they cover these scenarios.
Does the plan include:

  • Contact information for key people e.g. staff, suppliers, authorities, support, etc.
  • Clear descriptions of responsibilities for individuals
  • Making important information readily available such as alarm codes, building access codes, passwords, etc. Have these changed and has your plan been updated to reflect this?
  • A process for communicating important messages to your customers

For more guidance and help with your disaster recovery response and planning, read this article from the UK’s National Cyber Security Centre.

2: Christmas Clean-Up
It’s time for the holidays and you’ve finished the work you needed to do. The office is tidy and ready for the New Year, so make sure your desk is too. Many of you will be leaving work far behind as you enjoy the festivities, but who might be looking for useful information whilst you’re away? You can secure sensitive paper-based information in by using lockable storage such as cupboards, filing cabinets, etc. If it’s no longer needed, you should dispose of files using secure waste disposal facilities – do not use general waste.

You can help your users by implementing an information classification policy. We use Shred-it for our secure disposal, you can read some tips from them here.

3: Snowed in?
With 2018/19 winter weather predicted to be worse than last year, is your business prepared for the potential disruption and can you offer your staff secure remote working capabilities? We advise you to introduce a policy to assist employees when working from home and to keep information – both digital and physical – secure.

Take a look at the Get Safe Online website for further guidance and information on risks associated with working remotely.

4: Social Greetings
Social media is a great way to connect with friends and family over Christmas, by sharing images, activities, thoughts and more. However, it can be difficult to keep these connections private, with a potential audience of… the entire world! The impact on the privacy of your devices, your sensitive information and even your personal security plays as a key disadvantage of social networking.

There is an abundance of fake accounts, trolls and fraudsters online, who seek to obtain and collect your personal information for possible criminal activity. Be strict with your privacy settings and be vigilant of the things you post. Avoid accidentally sharing information that could hint at:

  • Login Details – email addresses, usernames and passwords
  • Potential answers to security questions – “I will always love my first pet, Dave the dog”
  • Personal details – “Hi Auntie Sharon, give me a call and pop over for Christmas 079….”
  • Promoting that you’re out whilst your house/workplace is unoccupied

For further reading, take a look at this article Social Media Safety, which explains the things you should avoid posting and why.

5: Get Connected, Cyber Safe
When you’re out and about doing your Christmas shopping or socialising with friends and family, it will be tempting to make use of freely available public Wi-Fi networks. You should be mindful of using such methods of internet access when carrying out financial activities such as online banking, making purchases using credit/debit cards or accessing sensitive accounts or websites.

While not all public Wi-Fi connections are dangerous, you can never be confident that your information is secure when using them. To stay safe, you should consider using a VPN which can protect your information, or simply stick to using your mobile data. Click here to read ‘The dos and don’ts of using public Wi-Fi’ by Symantec.

6: Websites: naughty or nice?
With the UK’s annual online Christmas spending valued at around £25billion, cyber-criminals will be looking to take their share. You should be mindful of the websites that you are using, especially when shopping online, as fraudulent sites can be easily disguised as authentic retailers. These websites often boast unbelievable deals that are designed to catch your eye and catch you out. So remember, if it sounds too good to be true, it probably is.

Unless you have intelligent web filtering capabilities, you could be leaving your users, systems and information at risk. There are tools available such as URLVoid and VirusTotal that can help you decide if a website is trustworthy or may have been compromised.

7: Paying more for Christmas?
You should give some consideration as to how you will be paying for your Christmas gifts, both in-store and online. In this day and age, the vast majority of payments are made electronically. The different methods and providers offer varying levels of security. Newer ways such as Apple Pay and Google Pay, can be good options as they use inherent security of smartphones and mobile devices. However, these can come with their own risks.

Paying via PayPal can reduce the risk of exposing your card details, as input is not required at the time of purchase. This can protect you at a time like Christmas, when you are likely to be using multiple sites and services.

Get Safe Online offer some great advice on taking and making payments, read more on their website.

8: I want for Christmas is your password
Passwords are a necessary evil; they can be forgotten, stolen or guessed very easily. This estimation tool can tell you how long it would take to crack a password of varying types, lengths and degrees of complexity.

Many devices now offer an alternative to passwords or PIN codes using biometric access control (fingerprint, iris scanners or facial recognition). These can be paired with USB security keys such as YubiKey to offer password free two-factor authentication (2FA) for laptops and PC’s.

Password like your Toothbrush

9: Festive Fraud
Cyber-criminals are always looking to take advantage of situations and timing is key. The festive period will be hijacked as an opportunity to spread malware and steal information via large scale phishing and spam emails.

Common campaigns may masquerade as known contacts, courier services, payroll providers, well known charities and other high profile organisations. The emails usually present some accurate/relatable information to the sender to appear trustworthy and entice you to click on a malicious link. Is that Christmas e-card hiding something? Be extra vigilant, disaster is only one wrong click away.

The most effective way of combatting these types of attacks is with end-user training and/or phishing simulations. METCLOUD, in partnership with Terranova Security, offer tailored e-learning solutions to educate your employees and make them a strong link in your defences. Learn more and sign up for a free demo here.

10: Patch, then play
As technology becomes more and more ingrained within our day-to-day lives, it’s likely there will be some gift-wrapped devices sitting underneath the Christmas tree this year. The latest laptops, PCs, smartphones and tablets are at the forefront of many wish lists, but amid all the excitement, don’t forget about security. A lack of protection or required updates for your new device could leave it useless in no time through infection by viruses and malware.

The best way to keep your shiny new device secure is to update, patch and protect them before you play. It may not be the most joyous part of using the device, but it is one of the most essential. Remember – smartphones, laptops, tablets and PC’s are not just for Christmas – continue to patch them and perform regular backups throughout their life-span to keep your information safe and sound.

There are many ways to look after your new (and old) devices, read some amazing tips and advice from the Symantec Security Centre ‘How to set up and secure your new tech’.

11: Smart Gifts
There is a year on year increase in the number of Internet connected devices being used within businesses and at home. Anything from Smart Fridges, e-photo frames and children’s toys can pose a security risk if you haven’t done your homework.

There have been instances of malware or spyware being pre-loaded onto such devices in the past, or ones found to be vulnerable straight out of the box. Cybercriminals are quick to abuse this proliferation of IoT devices as these can be difficult or impossible to protect for the average user. The video below or this NCSC blog post ‘Fixing All Things’ explains this in further detail.

12: Who you gonna call?
Some useful contacts for your cybersecurity needs:

Action FraudCitizen’s Advice BureauCrimestoppersGet Safe OnlineInsurance Fraud BureauThe Cyber Helpline
The UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cybercrime in England, Wales and Northern Ireland.

www.actionfraud.police.uk

0300 123 2040

Free, independent, confidential and impartial advice to everyone on their rights and responsibilities.

www.citizensadvice.org.uk

03444 111 444

An independent charity that gives you the power to speak up to stop crime, 100% anonymously by phone and online, 24/7, 365 days a year.

www.crimestoppers-uk.org

0800 555 111

The UK’s leading source of unbiased, factual and easy-to-understand information on online safety.

www.getsafeonline.com

Help insurers identify fraud and avoid the financial consequences. Also support police, regulators and other law enforcement agencies in finding fraudsters and bringing them to justice.

www.insurancefraudbureau.org/

0800 422 0421

A volunteer organisation that helps anyone in the UK with cyber security issues.

www.thecyberhelpline.com