Christmas cyber security advice

by
Christmas

Working from Anywhere and Business Email Compromise

If you are looking for something lighter because it is Christmas, can I suggest this, a look at Christmas shopping for the geeks in your life:

“J.A.R.V.I.S., make a note. Remind me not to wake up in the morning ever again.”

However, with the holidays coming up and offices and regular routines being disrupted by time off and travelling now is a good time for threat actors to run some cyber attacks and see which ill- prepared organisations they can catch out.

Working from Anywhere

It might be the holiday season, but some of us will still have some work do whilst enjoying a mince pie (gluten free and vegan options available) with an alcoholic or non-alcoholic tipple. I wrote about some cyber security steps every organisation should take – throughout the year – last week. Catch up with that here:

Cyber Security and Hybrid Working

Business Email Compromise

Disruption and change is an ideal time for hackers to try and run a business email compromise attack – especially if they think they have your compromised Microsoft credentials. (CISA, 2022)

Here is some quick advice to address the issue before you head off on your break

  • Disable any and all unnecessary and unused administrator accounts. The business owners and CEOs do not need to be admins just for their egos.
  • Set up email alerts for whenever an account sets up an email forwarding rule. This is a crucial step in the threat actors obscuring this type of cyber attack – if you know a forwarding rule has been set up you can check that it is legitimate and possibly stop a costly cyber attack. (One of the alerts generated by a legitimate email forwarding rule at our company is at the top of this article.)
  • Have procedures set up to use text messaging or phone calls, not email, to check the legitimacy of such business functions as paying large amounts of money out on behalf of the CEO. Remember your email could be compromised.

Happy Christmas and Prosperous New Year

This is the last blog here for 2022. I will be continuing with the cyber security news on Smart Thinking Solutions over the holidays but it will only be covering the high impact cyber security issues that you need to be alerted about. I will be back here on 10 January 2023.

From everyone here at CyberAwake and Smart Thinking Solutions we hope you have a great holiday.


Clive Catton MSc (Cyber Security) – by-line and other articles

References

CISA. (2022). FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory regarding business email compromise schemes used to Steal Food. CISA. Retrieved December 20, 2022, from https://www.cisa.gov/uscert/ncas/current-activity/2022/12/16/fbi-fda-oci-and-usda-release-joint-cybersecurity-advisory

Contact us for consultation

Wake up to cyber threats..

Christmas cyber security advice Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close