Christmas is the worst time of the year for your organisation to suffer a data breach. Not only is it morale-sapping, it also means employees will have to work long hours to investigate the incident and recover whatever information they can.
And, of course, the financial costs of a data breach may result in holiday bonuses being a lot smaller than you might have anticipated, with future targets also being affected.
After all, the run-up to Christmas is the peak trading period for a lot of organisations. A security incident at Christmas could have a financial impact and cause long-term reputational damage.
Say, for example, a customer plans to purchase a present for a loved one through your organisation, but due to an ill-timed problem with your website, they are unable to get through.
That’s going to leave a much bigger stain on your organisation than an incident that occurred at any other time of the year – not simply because it’s likely that more people would have a similar problem, but because of the emotional damage that it causes.
Now your already busy potential customers have to find somewhere else to buy the present they were looking for. You are the cause of unnecessary stress, and customers might not forget that in a hurry.
A problem for all organisations
Organisations for which Christmas is a quiet period have the opposite problem. With business winding down and employees using up their remaining annual leave, offices are often half-empty at this time of the year – and those who are still around are liable to take a relaxed attitude to work.
With their attention turning to Secret Santas, Christmas jumper competitions and the idiosyncrasies of the perfect roast potato, a cyber attack could catch your staff off-guard.
Whether Christmas is a busy or quiet time for your organisation, you should have the same cyber security objective: prevent simple mistakes.
There’s not much you can do at such short notice to prevent sophisticated attacks, but you can address human error. It’s one of the biggest causes of security incidents at any time of the year, but it’s a particular threat at Christmas.
Some common risks at this time of the year include:
- Clicking phishing emails because employees are bored or curious;
- Leaving passwords written down so seasonal staff have easy access to the organisation’s Wi-Fi;
- Leaving USB drives containing sensitive information in a public place;
- Mistyping customers’ information or updating the wrong file; and
- Forgetting to properly dispose of physical records containing sensitive information.
To mitigate these risks, it’s essential that you commit to staff awareness training. This begins, as most information security matters do these days, with the GDPR (General Data Protection Regulation).
Christmas with the GDPR
The GDPR has caused a lot of headaches for employees since it was implemented last May, so it’s probably the last thing they want to hear about with Christmas around the corner.
However, this might actually be the perfect time to get your employees to brush up on their data protection skills.
That’s because many experts recommend ‘gamifying’ staff awareness programmes. This refers to the idea of turning lessons into informal competitive exercises. This could be as simple as a quiz where the top scorers win a prize, or it might be part of other office games you play.
Staff probably won’t jump at the idea of a GDPR quiz with quite the enthusiasm that they might with a round of truth or lie, but it’s a great way to get them engaged without anyone complaining that training programmes are taking away time that could be spent working.
How else can you prevent security incidents?
Christopher Wright’s How Cyber Security Can Protect Your Business – A guide for all stakeholders is the perfect guide for senior managers looking for more advice on this topic.
This book explains in simple terms the steps executives and senior managers should take to prepare their organisation to overcome cyber security risks.
Its strategic, business-focused guidance helps you understand how risk and compliance work, how they apply to cyber security and what you must do to create an effective cyber security strategy.