Light Dark
December 19, 2017 By Douglas Bonderud 3 min read

Hackers love the holidays. As noted by the San Antonio Express-News, consumer cyberattacks increased by 20 percent through November and December of last year when compared to the previous 10 months, while The Washington Times pointed out that cyberattack attempts spike on Cyber Monday.

When users are spending big and already under stress, they’re more likely to make mistakes that compromise account security. For enterprises, however, there’s an even bigger challenge on the horizon: Cybersecurity breaches that happen when employees take work home during their winter breaks. How can companies keep hacks out of the holidays?

The Holiday Security Conundrum

Some staff members choose to work over the break, while others are compelled to stay in touch. When they’re away from the office, employees need a secure way to access, transmit and store critical corporate data.

As noted by TechRepublic, 24 percent of users leverage free Wi-Fi hot spots to complete their work, while 28 percent email secure corporate documents to personal accounts. This combination tops any fraudster’s holiday list: Data transmitted over insecure public connections and then forwarded to free email services, which can be easily breached over public Wi-Fi networks or by creating dummy networks purely for the purpose of information gathering.

What’s more, 15 percent of staff members said they connect USB drives and memory cards to work computers and then share these cards with family members, increasing both the risk of accidental data exfiltration and incoming malicious code.

Given these common security lapses, it’s little wonder that cybersecurity breaches increase over the holidays. Employees who are paid to work but have no access to the office still need to get their work done — and they want to get it done as quickly as possible to spend more time with family.

While holiday habits and a lack of corporate network access contribute to increased data risk, more basic issues persist. As noted by TechRepublic, almost 30 percent of employees asked reported that “they have never in their working career had any cybersecurity training to protect themselves and their employer against threats.” As a result, even employees aware of potential risks may be ill-equipped to limit the impact of cybersecurity breaches.

According to Forbes, meanwhile, recent data revealed that many companies are still using an “antiquated kit” to defend against advanced cyberattacks, making it easy for cybercriminals to bypass existing protections.

Prevent Cybersecurity Breaches With Pre-Holiday Training

Reining in holiday risk demands a two-pronged approach. First, enterprises must recognize the shared responsibility among security technology and staff members. Aging solutions and solid training face the same limitations as great technology and minimal employee engagement.

Solving the seasonal conundrum also demands upfront investment in cloud-enabled security solutions that can actively detect emerging threats and take effective countermeasures while simultaneously making time for employee training. Although training will vary by company, below are some basic guidelines to help reduce risk.

  • Have regular refreshers: Stale training isn’t useful. Since the goal is to improve holiday defense, schedule training at least once year and ensure that it occurs just prior to the holiday season so staff members are consciously aware of security risk.
  • Get practical: Vague descriptions of “hacks” and “data theft” won’t cut it. Give staff members concrete examples of phishing scams and application compromise, and then provide real-world training scenarios to see what they’ve learned.
  • Be clear: Better for staff to leave work at the office than to compromise security over the holidays. Make expectations for data handling and storage clear and lay out the consequences for noncompliance. While the goal here is an open and honest discussion about potential security problems, staff members must understand the bottom line.

Cybersecurity breaches can hamper holiday cheer. Give employees the gift of better tools and great training to rein in this risk.

 |  |  |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature