For most of us, the holiday season is a time to take a breather from the rat race, gather with family and friends, exchange gifts, eat lots of food, and express gratitude. For cybercriminals, however, holiday season is busy season.
Indeed, for those looking to wreak digital havoc, now is the quintessential time to target online shoppers, retailers, government agencies, and businesses – a time when their online transactions are increasing and their online vigilance is decreasing. The risk now is higher than ever, as the number of cyber traps into which the unwary will fall, seems to be limitless this time of year.
Do not wait for 2020 to bolster your defenses. By then, it may be too late. Below I discuss some highly recommended cybersecurity defense measures that consumers and business owners should be taking at this time of year.
For Consumers:
1. Contact your bank or financial manager
A great place to start is by calling your bank or financial manager to request that they be hypervigilant over the next few weeks, and to contact you if they spot any unusual activity involving your account. It is also a good idea to ask them about cybersecurity protocols that they have put in place this season to protect your accounts as well as steps that you can take to enhance those protections.
2. Re-set your Passwords
Re-setting your passwords is something that you should do at least once each year, but doing so now is particularly important. As a general rule, the longer, more complex and random your password is, the less likely a cyber-attacker will be able to crack it.
3. Update your Antivirus Software
Now is also a good time to make sure that your antivirus software is up to date. Although the time it takes for these updates to install can feel like an eternity, a cyberattack resulting from the use of stale antivirus software will surely take up much more of your time in the long run.
4. Do Not Use Unsecured WiFi Networks
Particularly during the holiday season, do not be tempted by using unsecured wi-fi networks while you are out of the office. The majority of cyberattacks occur because a consumer accessed personal information in an unprotected space. Exposing your private information to a cyberattack should, of course, outweigh the convenience of using unsecured wi-fi hotspots.
For Business Owners:
Cybersecurity is perhaps the most serious, existential risk your organization faces in today’s world, yet so many organizations remain well behind the curve. If you are a business owner, it is more important now, more than ever, to ensure that you have a cybersecurity insurance policy that meets your organization’s needs. Now is also a good time to have appropriate staff review your organization’s security response plan and processes for responding to a cybersecurity attack.
Before heading out for the holidays, make sure that you have sufficient personnel “on call” for taking immediate response measures while most of your staff will be away from their desks. It is also a good idea to contact any outside vendors, such as forensics companies and attorneys who your business relies on as part of its cyber breach response plan, to discuss their availability during the holiday season in the event their services are needed on short notice.
If your organization does not have policies and procedures in place to respond to a cyberattack, the time to address this is now.
You should consider it imperative and urgent for your business to have appropriate systems in place to, at a minimum: (1) immediately respond to breaches; and (2) mitigate damage and fallout resulting from breaches. It is essential that these systems comply with the cybersecurity laws that cover your business operations. With 50 state cybersecurity statutes in place, many of which are in the process of being amended and each with its own unique requirements, ensuring legal compliance can be challenging.
For example, New York’s updated cybersecurity statute, the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD ACT”) goes into effect on January 1, 2020 and is considered to be among the strictest cybersecurity laws enacted in the nation. Among other things, it requires covered businesses which digitally store the personal information of New York State residents to implement reasonable data security safeguard requirements, including designating cybersecurity personnel and implementing adequate controls for the protection of personal data, employee training concerning cybersecurity policies, practices and procedures.
If your business has not already done so, now is the time to put a team in place consisting of outside cybersecurity counsel and appropriate, expert IT personnel to ensure that your business is compliant with all applicable cybersecurity laws and regulations.
Scott Watnik is a litigation partner and the cybersecurity practice co-chair at Wilk Auslander LLP
