Cyber Resilience – Maintain Holiday Cheer by Reviewing a Few Reminders

Created: Tuesday, December 20, 2022 - 15:04
Categories: Cybersecurity, Security Preparedness

As much of the world looks forward to the upcoming holidays, it is a good time for a reminder that cyber threat actors are no respecters of festivities. Observances and traditions notwithstanding, the holidays are an especially risk-filled time of year as cyber threat actors take advantage of employees on leave, burnout, deadlines, and other distractions. Incidents that have occurred over a holiday in recent years include SolarWinds, Log4j, Colonial Pipeline, and Kaseya.

Prior to staff departing for much-needed time off, it is important to review cybersecurity policies and procedures and make sure your organization has a plan in place to respond to any incidents that may occur during the holidays. Before you think about ripping open presents and breaking into your best rendition of “Auld Lang Syne,” WaterISAC encourages members to plan for the worst and hope for the best by considering the following:

  • Have a response team in place – Identify IT and OT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
  • Consider managed detection and response – Some companies transfer security tasks to a managed detection and response (MDR) provider for full coverage over holidays and weekends.
  • Be extra vigilant with downloads, clicks, messages, and emails – Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
  • Lock down privileged accounts and remote access – Implement multi-factor authentication for remote access and administrative accounts, and if you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Establish clear isolation tactics – Be prepared to disconnect a host, lock down a compromised account, and block malicious domains.

For more detail on these tips and more, visit CISA, HelpNetSecurity, and SecurityIntelligence.