Skip to Content

Holiday Hours

All of our bank locations will close on Tuesday, December 24th at noon and reopen on Thursday, December 26. Have a safe and happy holiday!

Safeguarding Your Business Against Holiday Cybersecurity Threats… and into 2024

While the holiday season can bring many good things, such as increased profits for businesses, it can also bring increased fraud activity. Luckily, there are steps you can take to protect your business and your customers from cybersecurity threats. Keep reading to learn the best business cybersecurity strategies to implement now.

Ransomware

Ransomware threats include phishing, remote desktop protocols, and software vulnerabilities.  The professional sector has the highest number of malware attempts, followed by manufacturing and public administration. 

Companies can be at a much higher risk during the holidays because threat actors think that the professionals have left the building.  When malicious software gains access to a company computer or a network, a hacker can block your access to open files and claim system access.  A ransom is requested to get your data back. Stay vigilant as attacks are becoming more prevalent.

Phishing

Phishing refers to fraudulent messages (email, text message, social media message, etc.) that pose as a real company or person you know. The purpose of phishing messages is to trick you into revealing sensitive information such as login credentials, bank account and card numbers, and more. Businesses may have their accounting or HR departments targeted, as these employees have access to lots of personal and company information.

Fraudsters count on employee distraction and new or untrained employees during the holiday season.  Both consumers and businesses are vulnerable; think twice before clicking on links or providing any sensitive information online. 

Current trends in phishing include:

  • Unique domains used for phishing.
  • Cryptocurrency also sees a spike in phishing.
  • Increased incidence of fake sites posing as online retailers or delivery services.
  • Other lure themes include popular product promotions aimed toward customers to gain. personally identifiable information (PII) as well as MFA bypass methods.

You can protect your business by keeping employees trained in spotting and reporting phishing messages. You may also want to block access to social media sites, personal email providers, and other targets of phishing on company computers.

Domain Impersonation or Typosquatting

Domain impersonation is another current phishing trend in cyber-fraud. Domain impersonation is when fraudsters create legitimate-looking email domains to impersonate companies and individuals. The domain names actually contain typos that aren’t easily identifiable.  For example, they may send your employees an email from IT@yourdomainname. Or they may change one letter, add a word, or shorten a name just to trick you. 

A rise in digital transactions means more opportunities for cybercriminals to intercept sensitive data.  Threat actors like to acquire valuable personal information during the holidays when they know people are in a rush.  Be prudent and double check retailer names, domain names, social media stores, and any sites requesting sensitive information.  If something seems odd, it probably is!

Bots Disrupting Online Retail

A bot is an automated program used to carry out tasks online. E-commerce businesses should be on the lookout for bots that buy and re-sell stolen goods or limited-edition items at a higher-than-average price, especially during the holiday shopping season. Businesses may struggle to differentiate bot activities from normal customer behavior.

Gift card fraud

Gift cards are a popular way to spread holiday cheer, but their anonymity makes them vulnerable to money laundering and other illegal activities.

Card Draining

While geared toward the consumer, another threat involves gift cards.  Scammers are working overtime during the holidays, taking cards off the display, obtaining card information, and putting the card back on the display.  Once the card is activated and money is available on the card, fraudsters can drain the card before the original purchaser can use the funds.

Check cards before purchase and make sure they have not been tampered with.  If any information is already scratched off, do not purchase the card. 

Proactive Measures for Businesses

Follow these best practices to improve your business’ approach to cybersecurity.

  • Use multifactor authentication and strong passwords.
  • Train staff, including any temp or seasonal employees, to recognize suspicious activity and report emails from unfamiliar senders.
  • Use a trusted anti-virus program.
  • Perform all software updates promptly.
  • Check for weaknesses in your cybersecurity infrastructure.
  • Plan and test for potential weaknesses in your business's cybersecurity infrastructure so you can make any needed modifications before peak transaction periods.
  • Update your company’s cybersecurity protocols to stay ahead of new and evolving cyber threats, which are often more widespread during these busy times.
  • Emphasize your cybersecurity policies to boost customer confidence. This is particularly important when online shopping and transactions increase during the holiday season.

Having a plan is especially key to mitigating threats.  Who are the players?  Identify a team, roles, and responsibilities.  This includes all levels of employees, as well as external partners such as a legal team, technology experts, and insurance companies.  Having this set up in advance will facilitate a more rapid response should a cyber crisis occur.

Practice your incident response plan.  This helps to keep everyone familiar with the process and steps to take should an incident occur.  Establishing a secure out-of-band place to communicate and collaborate is integral in your response and recovery efforts, as well. 

Leverage Technology to Protect Your Business

Utilize fraud-prevention tools to monitor and manage suspicious activities, such as unusual IP addresses and transaction amounts.

Implement tokenization services to securely store sensitive customer data, ensuring safe and quick transactions for repeat customers.

Enroll in our positive pay service to reduce the risk of fraud by reviewing checks and/or ACH items before they clear your account.

About American Community Bank

Since 2000, American Community Bank & Trust has been dedicated to helping businesses grow and thrive. We pride ourselves on being more responsive, agile, flexible, and attentive than the bigger banks. We are here to help you protect your business during the holiday season. To learn more about our business banking services, contact us or visit your nearest location in the Chicagoland area.