A Cybersecure Christmas: The Grinch-Free Guide

 

Every Who Down in Whoville Liked Christmas a lot...
But the Grinch, Who lived just north of Whoville, Did NOT!
The Grinch hated Christmas! The whole Christmas season!

But he saw an opportunity, for one good reason...

 

Cyber attacks increase by about 30% during public holidays such as Christmas and other festive holidays.

 

Don't let the copyright-appropriate 'Green person who steals Christmas'* take away the festive spirit in your school or district. Before schools shut up shop for the year, the Secure Schools team is here to share some tips, tricks, and easy-to-adopt ways of thinking to reduce the risk of attacks from cybercriminals* in your schools over the winter break.

 

Secure-Schools-Christmas-graphics-2024-v2

 

1. Remain mindful and aware in the festive period 

 

It can be difficult to pay proper attention to what dangers might sneak into our emails, social media messages, and newsfeeds in the build-up to Christmas.

 

Secret Santa invites, special offers, and party invites from unknown/different providers are likely to bombard your inboxes over this time. As always, be mindful and vigilant before clicking any links or entering details to any third-party platforms. 

 

A recent study shows that up to 45% of employees who get distracted during the holiday period fail to effectively comply with their organization's cybersecurity policies. It's crucial to remain on top of your school or district's policies and act on these as you would any other time of the year. Hackers know this is a time when things can tend to slip, so do what you can to keep them from stealing Christmas for your incident response teams! 

 

2. Beware his typical tricks 

 

We've already had Black Friday, and it's full steam ahead for Christmas gifts and other holiday celebration purchases. December is, by default, a profitable month for retail sales.

 

Unfortunately, it can be a profitable month for cybercriminals as well. Taking advantage of the spending fever, hackers may use a series of attack methods that require little technical resources and that are easy to launch:  

  • Fake retail websites and phishing scams
  • Fake ads, especially through emails and social media, use urgent phrasing that urges shoppers to click
  • Malicious links
  • Phishing campaigns

Spear phishing is also at its most prevalent during the Christmas season. Be mindful of suspicious emails or text messages from your ‘line manager’ or ‘Senior Leadership’ asking for urgent action. This is even more common for finance staff and budget holders, with ‘critical’ transaction requests or details. As always, remain vigialnt and look out for tell-tale signs of suspicious activity, and report it to the correct person in your school. 

 

3. Holiday breaks mean less hands on deck for schools and districts

 

Everyone needs a break, and cybercriminals know that the holidays are an opportune time to strike. 

 

That doesn't mean we need all hands on deck over the holidays, but it does mean defenses need to be robust and systems updated before your close your doors for the break:

  • Keep systems up to date, with all the latest security patches installed to critical software and infrastructure. 
  • Confirm compliance with foundational cybersecurity standards within education.
  • Conduct a pre-holiday audit to internally understand any weak points and vulnerabilities. 
  • If the worst does happen, have a robust and thorough incident response plan in place to limit the impact of a cyber-attack, and all who are included in this plan are aware of their responsibilities in advance.

Final thoughts

 

The holidays are a time to rest, recharge and spend time with your loved ones. With the mindful approach to cybersecurity we outlined above, you can go into your breaks feeling more secure about your school's cybersecurity posture. There is no perfect way to prepare - but taking some, if not all of the action listed above will make it much more difficult for the Grinch to steal Christmas. 

 

For more information on what your school or district can do, why not download our cybersecurity handbook?

 

You can also see all the packages we offer to help improve your school's cybersecurity posture here.