It’s never too early to give your business the gift of cybersecurity this holiday season. For small and medium-size businesses, the holidays are some of the busiest and most profitable months of the year. They’re also the most prolific time for cybercriminals. Phishing attempts surged by 46% last December, according to a 2023 report on cyber security trends.

Why does this happen? Well, these thieves know your time off schedules and take advantage of unattended systems meant to deter their hacking attempts. Not to mention their attempts to access data are more sophisticated than ever. If you’re thinking of waiting until the holidays arrive to start thinking about a plan, think again. Cybercriminals are planning just like you. Some estimates show as many as eight million credential stuffing attacks (just one of the ways cybercriminals target businesses) were run against consumers every single day during the holiday season or more than 5,000 attempts every minute.

What types of cyberattacks target small businesses during the holiday season?

Cyberattacks increase by 40% during the holiday season. It’s not only the busiest season for many businesses and consumers, but it’s also a virtual playground for cybercriminals who know the calendar dates most businesses will be closed. They also know you’re communicating a lot with your customers. They are, too.

The Most Common Online Threats to Small Businesses

Here are five main types of cybersecurity threats to businesses during the holidays.

Phishing Attacks via Email

A whopping 90% of (yes, you read that right) cyberattacks start with a phishing email, according to the same Cisco Systems cyber security threat report. These attempts are simple but effective. The most worrying period for businesses is right around November 27 and peaks sometime from December 6 - 9. The holidays provide a perfect cover for these phishing attempts with holiday-themed emails and more incentivizing emails in general being sent.

Credential Stuffing to Access Passwords

Let’s face it, Multi-factor authentication (MFA) fatigue is real, and having to enter passwords, plus checking for authorization emails or texts is tiring. You and your employees are likely to become less vigilant in the busy and distracting holiday season and you may still be using the same simple passwords for multiple devices or programs to save time. Hey, they’re easy to remember, right? But simple passwords like “password” or “12345” or using the same password on every device, is an invitation to thieves who can run sophisticated software to crack your credentials. Often they don’t even have to try too hard. They can simply use your own compromised login credentials from a previous breach if you never changed your passwords or activated MFA on your devices and logins.

Fake Websites Luring Unsuspecting Customers

For local businesses, nothing is more frightening than to hear a customer say they entered their credit card information on your store’s website but didn’t receive their order. Then they read off the website they used and it is a mirrored fake of your store’s legitimate website. These fraudulent websites use similar imagery, and names and look real but are a rip-off of your business. Often users make transactions, and you won’t know the issue until after the fact when a customer contacts you more often than not both confused and angry. The damage to your reputation and loss of business, not to mention the headache of trying to get a fake site taken down while working to inform your loyal customers of its existence, can cause even more unnecessary delays.

Ransomware Payouts that Can Close Your Business

As with the rest of the holiday season online vulnerabilities, ransomware attacks can increase by as much as 70% in November and December, according to Darktrace. The busy season for businesses is a boon for cybercriminals looking to exploit unsuspecting businesses. They steal information and encrypt critical data your business needs and refuse to release it unless you pay them a ransome. Most SMBs suffering this type of attack do not recover.

eCommerce Fraud that Disrupts Online Shopping

Whether it’s bots fraudulently flooding shopping carts or simply purchases from fraudulent, stolen information and access, eCommerce fraud costs millions. In fact, The Cyber Express reported that in 2023, “eCommerce fraud in the retail sector will hit a staggering $48 billion worldwide.” Can your business afford to lose customer trust and money this holiday season? Most likely not. So make a plan today.

How Can Businesses Stay Protected Online During the Holiday Season?

Your busiest time of the year isn’t the best time to discover your business's online vulnerabilities. Part of responsible business ownership is making sure you, your employees and customers are protected. So why leave yourself vulnerable to online fraud and cyberattacks this holiday season?

5 Ways Small Businesses Can Stay Protected Online This Holiday Season

Keep your business safe this holiday season with these five steps.

1. Hire a Trusted Managed Services Provider (MSP)

Hiring a Managed Services Provider like NerdsToGo provides you with that extra layer of security your business needs. Not only can an experienced MSP like NerdsToGo provide you with around-the-clock protection, they can also identify and test potential security breaches and in some cases, streamline your online operations leaving you time to focus on your business.

2. Update Your Antivirus and Anti-Malware Software

You and your employees should all update your laptops and computers endpoints and, at the minimum, all antivirus and anti-malware protection. Human error is the easiest breach for a cybercriminal. They’re counting on it. Don’t let them.

3. Update Your Passwords and Add Multi-factor Authentication

We know credential stuffing is among the most common forms of cyberattacks. Make your passwords stronger on all of your devices and add MFA. The time spent making a simple change could save your business from fraud in the future.

4. Encrypt All Endpoints and Protect Your Emails

Encrypting all endpoints including desktops, servers, laptops, tablets and mobile phones.This is especially important if your business is in a regulated industry or taking credit card payments. Remember, you’re sending emails, too. Keep your email list and customers protected.

5. Devise a Plan for Data Backup and Recovery and Test It
Prepare for ‘what if’ now. Implement and test an offsite data backup and recovery plan to protect against data loss and downtime. Make sure to account for both hardware failure and a cybersecurity incident. With a tested plan, you can eliminate the ‘what if’ with a proper plan in the event of a cyberattack.

Keep Your IT Protected This Holiday Season

Cyberattacks on small businesses too often end in disaster, but with proper planning and online safety protocols, you can better protect your business today. You don’t have to do it alone or add to your already overwhelming list of things to do as a business owner. Put IT support on the top of your holiday wish list and contact your trusted, local MSP NerdsToGo today this holiday season and gift yourself, your business and your customers peace of mind.

A NerdsToGo reminder to Stay Aware and Stay Safe this Holiday Season

Avoid using public wi-fi during your holiday travels. These simple online checks can leave your business exposed. Consider using a Virtual Private Network (VPN) instead.
Remember, while public charging stations are convenient, they still pose a threat allowing attacks to access or “juice jacking” compromise devices connected to these free stations.

Text messages are plentiful this holiday season so is smishing. Don’t get fooled by a scam message or click on any links or give anyone information or cash if you can’t verify the sender.