The worst possible time to suffer an attack or data breach is on Christmas. This article explains why you need to protect websites before the winter holidays.
It's the season when we spend a lot of time away from work, with family and friends, vacationing, and drinking hot chocolate in front of a fireplace.
So what better time for a hacker to compromise your website than at Christmas?
For an e-commerce site, Christmas is usually the highest-selling time of the year, and a hack will severely affect sales. If you are not protected, there’s a high chance of instantly losing all your Christmas sales.
For office workers, Christmas is a time when offices go half-empty as employees use up their remaining annual leave days. Those who are left will think more about what magical gifts to buy for their loved ones or where they are gonna find the ugliest sweater.
This is the time when a hacking attempt can catch a company totally off-guard and can bring a lot of trouble.
The good news is that you can give yourself peace of mind when leaving work to spend a cozy festive time with your family. Eliminating the risks beforehand can make your time away 10 times more calm and happy.
The answer to that question is best given by hackers themselves. A survey of participants at the Defcon conference found the following.
About 81% of the hackers said that their hacks most often happen during the winter holidays.
6% of the hackers say that Christmas is the best time to tackle a corporate network, while 25% think New Year’s Eve is best.
One could speculate that, if hackers are more active during the winter season and winter holidays, there are more active hackers in the northern hemisphere than in the southern hemisphere.
No one likes staying outside for a long time when it’s really cold, right?
In addition to hackers being more active, shoppers are as well. It all starts with Black Friday and Cyber Monday sales, where the early birds try to get the presents at really good prices.
So hackers get to work as well, inventing all kinds of campaigns and ways to scam the unsuspecting.
In several surveys, people in the U.K., France, Germany, Spain, Australia, India, and Singapore said that they had fallen victim to fake charity scams in 2019.
Many people are exceptionally giving during the holidays and make donations. Cybercriminals know that as well: they pose as charities online and collect financial data and money from unsuspecting users.
It’s not only charity; it’s also online shopping overall.
For example, in 2016 ThreatMetrix predicted that there would be about 50 million online attacks during the week of Black Friday and Cyber Monday. What they actually saw was more than 130 million attacks over the 90-day period that led to Christmas and New Year.
This strongly indicated that the final quarter of the year, which leads up to Christmas and New Year, sees more attacks than the other quarters of the year. So many reasons to protect websites, right?
This sounds like it concerns the consumer, but the actual loser here is a company that does not have its security measures in place.
The Ponemon Institute’s study showed that cyber-attacks on Black Friday and Cyber Monday could generate losses of up to $500,000 an hour for retail shops.
It’s not only the revenue loss; it’s also the reputation loss, brand damage, and data breach. The loss can rise to $4 million, and you’ve heard about GDPR, right?
The study also showed that 64% of organizations saw the attacks getting more and more frequent when Christmas time arrived. The spikes were up to 64%.
This data is a few years old and today the cyberattacks have grown exponentially, which means the numbers have changed. Let’s just hope that more and more companies understand the need for security and how important it is to protect their websites and the data they hold.
Now is the time to cover all the important tasks you need to do before leaving for the holidays: securing your website, updating your software, and more. Let’s dig in.
Yes, every blog post you read about how to improve your website security will almost always include updates. But why?
Protecting the endpoint is the most important part. Hackers keep a close eye on security flaws and look for possible vulnerabilities daily. These can be in popular plugins and themes, and hackers will aggressively target them once found.
When it comes to WordPress security, what makes this worrisome is that more than 95% of WordPress vulnerabilities are related to plugins. And usually, the plugins that are outdated are the ones being targeted.
Plugin vulnerabilities are best secured by using a firewall that can receive virtual patches. With virtual patches enabled on your website, the security team behind the firewall can send it security rules or patches for newly discovered vulnerabilities.
If possible, always keep backups off-site. It’s never a good idea to keep your backups on the site itself.
The second suggestion for backups is to choose a backup that is managed by your hosting provider, which is the best option.
Before leaving for the holidays, make sure you receive automatic updates for vulnerable plugins and virtual patches.
Why is that important?
It’s important because when you are away from your computer, spending jolly time with your family, hackers are actively trying to attack vulnerable plugins. This is where a proper alert system and automatic security patches come in very handy.
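As an added example (not code from the original article or from any product it mentions), the following Python script reads a plugin inventory in the shape that `wp plugin list --format=json` produces and lists the plugins that are outdated or lack auto-updates, with the WP-CLI commands to fix each. The sample inventory and plugin names are constructed, and the field names are assumed from WP-CLI's plugin list output.

```python
import json
import shlex

# Constructed sample, shaped like the output of `wp plugin list --format=json`.
# Field names are an assumption based on WP-CLI; plugin names are made up.
SAMPLE_PLUGIN_LIST = """[
  {"name": "example-forms", "status": "active", "version": "5.1.0",
   "update": "available", "update_version": "5.3.2", "auto_update": "off"},
  {"name": "example-seo", "status": "active", "version": "2.0.1",
   "update": "none", "update_version": "", "auto_update": "off"},
  {"name": "example-gallery", "status": "inactive", "version": "1.4.0",
   "update": "available", "update_version": "1.6.0", "auto_update": "on"},
  {"name": "example-cache", "status": "active", "version": "3.2.0",
   "update": "none", "update_version": "", "auto_update": "on"}
]"""


def pre_holiday_plugin_check(plugin_list_json):
    """Return (name, issues, fix_commands) for each plugin needing action.

    Plugins that are both outdated and have auto-updates off come first,
    because nobody will be around to patch them by hand.
    """
    findings = []
    for plugin in json.loads(plugin_list_json):
        name = plugin["name"]
        issues, fixes = [], []
        if plugin.get("update") == "available":
            issues.append(
                f"outdated: {plugin.get('version')} -> {plugin.get('update_version')}"
            )
            fixes.append(f"wp plugin update {shlex.quote(name)}")
        if plugin.get("auto_update") != "on":
            issues.append("auto-updates disabled")
            fixes.append(f"wp plugin auto-updates enable {shlex.quote(name)}")
        if issues:
            findings.append((name, issues, fixes))
    # More issues first, then alphabetical for a stable report.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


if __name__ == "__main__":
    for name, issues, fixes in pre_holiday_plugin_check(SAMPLE_PLUGIN_LIST):
        print(f"{name}: {'; '.join(issues)}")
        for cmd in fixes:
            print(f"    {cmd}")
```

Inactive plugins are checked too, since their outdated code is still present on the server.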
First the basics of access management:
So about the post-its. Nobody likes passwords and nobody likes to generate new passwords and nobody likes to remember all their passwords. That’s the reason we use password management tools. Life just makes so much more sense after starting to use one.
Some examples to try: KeePass, LastPass, or PassCamp.
And let’s not stop there: in addition to using strong passwords, enable two-factor authentication (2FA) on all your important accounts, especially on your website.
So what is a response plan? It’s a plan to follow when things get really bad. By really bad, we mean, for example, that your e-commerce site is hacked and infected with malware. In addition, Google has reported the site as malicious and has put it on a blacklist.
It means no sales. No organic traffic. No traffic at all.
This is where the incident response plan comes in very handy. Who would you contact in that case?
PS! Patchstack has an incident response feature, which is for situations like that.
Christmas is a season to be jolly, but also a season to be aware of cybercrime.
As said, the worst possible time to suffer an attack or data breach is Christmas.
So this Christmas, be smarter and one step ahead. Protect and update your websites, make a backup, set up auto-updates for vulnerabilities, and have an incident response plan in place.
This will help you to go and spend the holidays with your family without worrying.