5 Tactics To Protect Your Business Against Cyberattacks This Holiday Season

© AdobeStock
As millions of Americans visit family and friends in the coming weeks, businesses need to keep cybersecurity initiatives top of mind.

The holiday season is here, which means more employees will be working from the road, visiting family and friends and enjoying end-of-year vacations. According to a consumer survey of nearly 1,500 U.S. adults, almost 50 percent said they would be traveling between Thanksgiving and New Year’s Eve. Even employees who aren’t traveling this holiday season will likely use their company-connected devices for work activities. 

The holiday season surge in remote work and ecommerce (58 percent of consumers will purchase gifts online this year, according to the National Retail Foundation) heightens mobile security risks for any business where employees use mobile devices to stay productive. 

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) routinely advise businesses on cybersecurity threats during the holidays, emphasizing how cybercriminals see this time of year as “attractive timeframes” to target both small and large businesses: “In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.” Industry reports echo the FBI and CISA’s warnings, showing a measurable increase in cyberattacks during the holidays—2021 saw a 30 percent increase in the number of incidents over the previous year. 

Why cybercriminals thrive during the holidays

The reality is that cybercriminals depend on distractions to make targets more vulnerable to email phishing schemes, malware attempts and other common tactics. Monitoring cybersecurity incidents becomes more challenging during the holidays with so many employees conducting business via their mobile devices, charging company-owned phones at public charging stations in airport terminals or hotel lobbies, and logging into work apps via unsecured Wi-Fi networks. 

A 2022 Verizon report revealed 30 percent of zero-day exploits in 2021 targeted mobile phones and tablets—and that nearly half (46 percent) of small businesses reported a cybersecurity compromise involving a mobile device that same year. 

Cybercriminals consider mobile devices low-hanging fruit because they provide much of the same access as traditional endpoints and often serve as an authentication tool. For hackers, work phones and tablets offer an easy way to infiltrate an entire network, putting cloud data and applications at risk. 

Businesses that implement traditional mobile device management (MDM) solutions are protecting their managed devices, but these solutions often fail to detect threats across all endpoints, mobile devices, networks and cloud environments. For businesses with connected employees, now is the time to implement heightened security standards focused on mobile protections. 

5 protection tactics 

First and foremost, keep company-owned devices secure by regularly updating smartphones and tablets with the latest software patches and security updates.

For small businesses without a dedicated IT or security team, it’s easy to forget how important these updates are to your company’s network security measures. Staying on top of mobile software updates reduces the risk of cyber incidents. Also, implementing a mobile security app for all employee and contractor devices adds an extra layer of protection. If you do have an IT or security team, they should be continuously monitoring your organization’s mobile devices to ensure the most current applications and security measures are deployed. 

Make cybersecurity safety an integral part of your employee onboarding and training programs. 

Without 24/7 visibility into your employees’ mobile activity, cybersecurity training is a crucial component of any comprehensive security program. Employees should be made aware of the latest mobile cybersecurity threats and instructed on best practices, including leveraging strong passwords, employing two-factor authentication and being on high alert for suspicious emails, texts or other suspect activity that could spiral into a full-on cyberattack.  

Integrate regular career training opportunities for IT and security teams.   

As cyber scheme sophistication increases exponentially, it’s insufficient to simply monitor your business’ network and systems. It’s crucial that your IT and security teams train rigorously while tracking emerging threats, following recommended mitigations from industry analysts and national agencies, and even monitoring the dark web to preempt exploitation efforts. 

Monitor your network traffic to identify any unexpected shifts in activity. 

Most enterprise-sized organizations have systems in place to monitor network traffic, but small to midsize businesses often fail to implement solutions that can actively analyze network activity. Fortunately, there are automated cybersecurity platforms that come equipped with detection and response capabilities and include robust mobile security capabilities. Advancements in AI and cybersecurity technology not only ensure more cybersecurity options for SMBs, such solutions are increasingly becoming more affordable to fit even the most frugal security budgets.

Prioritize developing and implementing an Incident Response Plan so that you’re prepared should an attack happen over the holiday break.  

A cybersecurity Incident Response Plan is crucial to your company’s safety efforts and should be considered among your business’ most important pieces of documentation, serving as a playbook if your company falls victim to a cybersecurity incident. A thorough Incident Response Plan includes step-by-step instructions for investigating how the attack happened, as well as how to contain and remediate the threat to avoid future attacks. If you have employees conducting business on mobile devices, be sure your Incident Response Plan outlines response protocols for mobile-specific attacks. For businesses that do not have a plan in place, there are battle-tested Incident Response Plan templates to customize an approach for your organization’s unique needs.  

Mobile cybersecurity is critical now—and for the future

Mobile cybersecurity is a core component of a comprehensive cybersecurity program and is especially critical during the holidays. According to a recent McKinsey report, “Mobile platforms, remote work and other shifts increasingly hinge on high-speed access to ubiquitous and large data sets, exacerbating the likelihood of a breach.” 

McKinsey’s report revealed that 85 percent of small and midsize businesses were looking to increase spending on cybersecurity measures this year, calling attention to “on-demand access to ubiquitous data and information platforms” as the top cybersecurity trend with large-scale implications. 

If your business does not currently have cybersecurity measures in place to protect mobile devices, this holiday season is the perfect time to up-level your security efforts. By investing in an automated cybersecurity platform that enables visibility across all endpoints, mobile devices, networks and cloud environments, business leaders can prioritize productivity and protection for a strong start to 2024.

  • Get the Corporate Board Member Newsletter

    Sign up today to get weekly access to exclusive analysis, insights and expert commentary from leading board practitioners.



    20th Annual Boardroom Summit

    New York, NY



    Board Committee Peer Exchange

    Chicago, IL