Blog
← Back to Blog
December 24, 2020 cybersecurity

Christmas Eve 2020: Security in Quiet Times

Cybersecurity monitoring and protection

Christmas Eve 2020. Offices closed. Most staff with family. Quiet time at end of challenging year.

But cybersecurity doesn't take holidays. Here's what practices should know about security during quiet times.

Why Attackers Target Holidays

Reduced Staffing

Skeleton crews or closed offices mean slower detection and response.

Attackers know this. Some specifically target holidays when response will be delayed.

Distraction

People on call during holidays are distracted. Family activities, celebrations, travel.

Less likely to notice subtle warning signs.

Delayed Discovery

If attack happens Christmas Day, discovery might not happen until office reopens days later.

This gives attackers more time.

Holiday Security Measures

Monitoring Continues

Security monitoring systems don't take Christmas off. Automated monitoring watches for threats even when staff is away.

On-Call Coverage

Someone should be on call for security emergencies. Not necessarily in office, but reachable and able to respond.

Backup Verification

Verify backups continue running successfully through holidays. Problems discovered January 2 are less urgent than those caught December 25.

Access Reviews

Holiday closures are opportunity to verify who has access to what. Any unusual access patterns?

Common Holiday Threats

Holiday-Themed Phishing

Phishing emails using holiday themes:

People let guard down during holidays. More likely to click suspicious links.

Gift Card Scams

Emails appearing to come from executives requesting gift cards for employees or clients.

These target accounting and administrative staff during holiday season when such requests seem plausible.

Ransomware Timing

Some ransomware attacks timed for holiday weekends. Deployed Friday before long weekend. Discovery delayed until Tuesday.

Personal Device Security

Staff using personal devices during holidays:

Email on Personal Phones

Work email accessed from personal phones. Ensure devices are secured:

Personal Computers

Checking work email from home computers. Ensure reasonable security:

Travel Considerations

Traveling with Devices

If bringing work devices during travel:

International Travel

Some countries have requirements about bringing devices across borders. Understand requirements if traveling internationally.

What Can Wait

Not everything needs immediate response:

Non-Urgent Issues

Minor problems, questions, routine requests. These can wait until offices reopen.

Planned Maintenance

Routine updates and maintenance can wait. Don't do risky changes during holidays when support is limited.

What Can't Wait

Some issues require immediate response even on Christmas:

Active Attacks

Ransomware deployment, active breach, systems being compromised. These need immediate response.

Complete System Failures

If practice is open (emergency services) and systems are down, this can't wait.

Critical Security Vulnerabilities

If critical vulnerability disclosed and exploited in wild, emergency patching may be necessary.

Preparation Before Holidays

Pre-Holiday Checks

Before long holiday break:

Contact Information

Ensure emergency contact information is current and accessible:

Communication Plans

How will staff be reached in emergency? Ensure you have:

Remote Monitoring

Modern monitoring tools allow checking system health without being in office:

Cloud Dashboards

Many services provide status dashboards accessible from anywhere.

Mobile Apps

Monitoring systems often have mobile apps for checking status and responding to alerts.

Automated Alerts

Configure alerts for critical issues. Get notified if problems occur.

2020 Holiday Considerations

2020 holidays are different:

Remote Work Already Normal

Many practices operating partially or fully remote. Holiday security isn't much different than regular remote work security.

Pandemic-Related Scams

COVID-themed phishing continues through holidays. Fake vaccine information, testing scams, pandemic relief fraud.

Increased Online Shopping

More online shopping means more shipping notifications. More opportunities for fake shipping phishing emails.

Returning After Holidays

Post-Holiday Security Review

When returning after holiday break:

Staff Awareness

Remind staff to be cautious after holidays. Attackers know people returning from vacation are catching up and may be less vigilant.

Quiet Times Are Valuable

Holiday downtime is also opportunity:

Maintenance Windows

When offices closed, good time for maintenance that would disrupt operations during normal hours.

Planning and Assessment

Quiet time allows reflecting on security posture and planning improvements for coming year.

Testing and Verification

Test security controls and verify they work as expected.

This Christmas Eve 2020

Christmas Eve at end of challenging year. 2020 brought unprecedented disruption.

But security infrastructure mostly held up. Practices remained protected through pandemic transition. Remote work didn't create security catastrophes.

Be grateful for security that worked quietly in background all year.

For Those On Call

If you're on call for security during holidays: thank you.

Monitoring systems. Ready to respond if needed. Sacrificing some holiday peace for practice security.

Most holidays are quiet. But preparedness allows enjoying holidays knowing practice is protected.

Our Coverage

At Robell Technologies, we maintain security monitoring through holidays:

Our clients can enjoy holidays knowing security continues.

Merry Christmas

Merry Christmas 2020. May your systems stay secure, your backups stay good, and your holidays stay IT-emergency-free.

To security professionals working today: thank you for keeping practices protected.

To everyone: enjoy quiet time. 2020 was exhausting. Rest is deserved.

Here's to secure and peaceful holidays.