According to a recent report from the Ponemon Institute conducted on behalf of IBM, 77% of organizations don’t have a cybersecurity incident response plan applied consistently across the enterprise. An employee’s actions—either accidental or intentional—could jeopardize your entire organization this holiday season.

Top holiday cybersecurity risks for organizations

Holiday shopping on company time

According to the Morphisec: Holiday Impact on Enterprise Security Survey, nearly half of professionals will use a work-issued computer or mobile device for online shopping or gift searching.

That means that while employees are crossing names off their lists, they could be exposing the organization to cyber criminals on the lookout for phishing, ransomware, or credit card fraud targets.

The internet of (potentially unsafe) things

There have been a number of news stories about internet of things (IoT) devices being compromised. Earlier this year, Google issued a warning after some Nest camera interceptions, including a hacker who peered into a baby’s room and another who swore through the camera’s microphone into a family’s living room.

Organizations also use connected technology to do things like tracking products through the supply chain, remotely monitoring premises, and even making coffee. Adding another level of complexity is employees who bring IoT gifts into work, whether it’s a fitness tracker or a gaming system.

Despite the growing risks, only 9% of companies said their organizations currently inform and educate employees and third parties about the dangers created by IoT devices.

Seasonal employees with year-round access

Many organizations hire temporary seasonal employees to help deliver products and services during busy times. However, if you’re not properly managing the data after these short-term employees leave, it can pose a huge security risk.

A large company could have thousands of user accounts granting all sorts of permissions and privileges, making it a huge challenge to manage access life cycles. Just one bad actor who gains access to a temporary user account with network privileges can cause serious damage. Or, an employee could steal critical data, or even access confidential information and systems after they’ve left the organization.

Growing third-party risk

Many organizations increasingly rely on vendors and third parties during the holidays, putting sensitive data at risk. When you’re dealing with multiple third-party vendors, the chance of employee error increases drastically. CompTIA’s International Trends in Cybersecurity research found that 52% of respondents felt cybersecurity issues were caused by human factors.

In 2017, the global shipping companies Maersk and FedEx were crippled by the NotPetya cyber attack, which led to hundreds of millions of dollars in losses. It infected computers and demanded a Bitcoin ransom to restore access to files. The attack overall resulted in billions of dollars worth of damage across Ukraine, Russia, Denmark, the UK, and the US.

How to prevent holiday cybersecurity risks

While you can’t avoid every security issue, by being proactive you’ll reduce the likelihood of a data breach or cyber attack happening to your organization this season. Here’s how:

• Provide security awareness training to employees. (Assessment questionnaires can be a great tool for managing staff education.)
• Immediately deactivate user accounts when someone leaves the organization.
• Use software like RiskBond that identifies, assesses, responds to, and monitors your enterprise risks.
• Reduce human error through better third-party risk management.

Obviously, cybersecurity isn’t a seasonal gig. But taking extra precautions during the holidays can help prevent incidents that could keep your organization from having a Happy New Year!