Holiday Hackers: 4 Ways You’re Vulnerable this Silly Season

Your kids are not the only ones counting down the sleeps until Christmas. While the little ones are dreaming of Santa filling their stockings with presents, cyber criminals are scheming new ways to line their pockets.

1.      Gone phishin’

When your staff go online shopping at their work desks, they could be putting their bank accounts – and your business – at risk. Cyber crims exploit online buyers’ desire for big discounts by hitting them with phishing scams containing booby-trapped ‘special offers’. Others contain fake order details of delivery confirmations. You’re just one click away from

The solution? Educate your staff on the risks of cybercrime and send out a reminder to everyone to be especially vigilant in the lead up to Christmas. Reputable companies promote their sale information on their websites: there’s no need to click on a link in an email. Ever.

2.      Downtime destruction

Many businesses and retailers postpone making anything but the most essential security updates and upgrades over the holiday period. The high volume of shoppers and high cost of system interruptions lead them to issue a ‘change freeze’.  This leaves their systems and networks vulnerable to hackers who take advantage of the knowledge that passwords haven’t been changed and defences haven’t been upgraded.

The solution? At a minimum, check and change your default and simple passwords. If possible, use two-factor authentication.

3.      Point-of-sale pillaging

Of growing concern to retailers is their dependence on the supply chain ecosystem—third parties and point-of-sale integrators. Point-of-sale integrators are increasingly targeted by phishing and credential attacks to access retailer systems. If your vendors, partners or suppliers have any security weaknesses, cyber criminals can exploit them to gain unauthorised access to your network.

The solution? Monitor what you can about the security of your vendors, partners and suppliers. Talk to account and contract managers about the importance of using secure and unique usernames and passwords, and updating them with regularity.

4.      Holiday hide and seek

Hackers and rogue insiders can hide their activities more easily during predictably higher volume periods. It’s harder to detect irregular traffic in a sea of genuine sales.

The solution? The best solution is to prevent attacks in the first place. But if it’s too late to add new defensive measures, focus on detection. Your focal points should be command-and-control traffic for botnets, successful and unsuccessful authentication attempts, and host-based events on point-of-sale systems. Look for suspicious domain registrations and DNS events.


If you’d like help to secure your system this summer, ask one of our experts. We can guide you through your options and answer any questions you may have. You can also outsource security management altogether. After all, it’s what we do.

Major projects

Yes, we can help you with one-off major infrastructure and migration projects too. If you want to find out more on our Technology risk management, Managed It Services, Medical ITTechnology strategy and Data integrity

You just need to talk to us. 

Scroll to Top