Every Who Down in Whoville Liked Christmas a lot...
But the Grinch, Who lived just north of Whoville, Did NOT!
The Grinch hated Christmas! The whole Christmas season!
But he saw an opportunity, for one good reason...
Cyber attacks increase by about 30% during public holidays such as Christmas.
Don't let the copyright-appropriate 'Green person who steals Christmas'* take away the festive spirit in your school or group. Before schools shut up shop for the year, the Secure Schools team is here to share tips, tricks, and easy-to-adopt ways of thinking to reduce the risk of attacks from cybercriminals* in your schools over the summer break.
1. Remain mindful and aware in the festive period
It can be difficult to pay proper attention to what dangers might sneak into our emails, social media messages, and newsfeeds during Christmas build-up.
Secret Santa invites, special offers, and party invites from unknown or different providers are likely to bombard your inboxes over this time. As always, be mindful and vigilant before clicking any links or entering details into any third-party platforms.
A recent study shows that up to 45% of employees who get distracted during the holiday period fail to effectively comply with their organisation's cybersecurity policies. It's crucial to remain on top of your school or group's policies and act on these as you would any other time of the year. Hackers know this is a time when things can tend to slip, so do what you can to keep them from stealing Christmas for your incident response teams!
2. Beware his typical tricks
We've already had Black Friday, and it's full steam ahead for Christmas gifts and other celebration purchases. December is, by default, a profitable month for retail sales.
Unfortunately, it can be a profitable month for cybercriminals as well. Taking advantage of the spending fever, hackers may use a series of attack methods that require little technical resources and that are easy to launch:
- Fake retail websites and phishing scams
- Fake ads, especially through emails and social media, use urgent phrasing that urges shoppers to click
- Malicious links
- Phishing campaigns
Spear phishing is also most prevalent during the Christmas season. Be mindful of suspicious emails or text messages from your ‘line manager’ or ‘senior leadership’ asking for urgent action. This is even more common for finance staff and budget holders with ‘critical’ transaction requests or details. As always, remain vigilant and look out for tell-tale signs of suspicious activity, and report it to the correct person in your school.
3. Holiday breaks mean fewer hands on deck for schools and groups
Everyone needs a break, and cybercriminals know that the holidays are an opportune time to strike.
That doesn't mean we need all hands on deck over the holidays, but it does mean defences need to be robust and systems updated before you close your doors for the break:
- Keep systems updated, with all the latest security patches installed on critical software and infrastructure.
- Confirm compliance with foundational cybersecurity standards within education.
- Conduct a pre-holiday audit to understand any weak points and vulnerabilities internally.
- If the worst does happen, have a robust and thorough incident response plan to limit a cyber-attack's impact. Ensure those included in this plan know their responsibilities and that all staff know what to do if they see something suspicious.
Final thoughts
The holidays are a time to rest, recharge, and spend time with loved ones. With the mindful approach to cybersecurity outlined above, you can go into your breaks feeling more secure about your school's cybersecurity posture. There is no perfect way to prepare, but taking the actions listed above will make it much more difficult for the Grinch to steal Christmas.
Why not download our cybersecurity checklist for more information on what your school or group can do?
