Cristina’s Compliance Corner: Holiday Cybersecurity Threats – What to Know, and How to Protect Yourself


’Tis the season to be holly, jolly, and extra careful! As families around the world gear up for the holiday season with last-minute shopping, scammers and cybercriminals are readying themselves to strike those most unaware of cybersecurity threats.

I discussed common cyber threats that present themselves around the holiday with Dana Mueller, formerly Thoropass’s Compliance Evangelist. We covered common threats seen this time of year and ways to protect yourself and your loved ones. You can watch the whole discussion here:

Rise in e-commerce gift buying

There are so many tasks associated with getting ready for the holiday season. One that always adds a layer of pressure is gift buying.

Every year, I try to hold myself to two holiday shopping best practices:

  1. Being organized and not waiting until the last minute; and, 
  2. Trying to shop local/small businesses as much as possible. 

Unfortunately, both best practices are not always (or even often) met, and reliance on the convenience of online shopping at big box stores becomes crucial.

In fact, many Americans are just like me. It was reported by Finical Holdings LLC that in 2021, over 57% of US shoppers planned to do their holiday shopping online. In a day and age where the digital space runs so much of our lives, it’s not entirely surprising to see this statistic. However, it certainly raises a security concern: how many of these websites are considering security best practices when it comes to keeping personal information, such as names, email addresses, and even credit card numbers, confidential?

Additionally, with an abundance of purchases being made online, it’s easy to lose track of your orders. To combat this, emails and SMS messages are often used to help customers know what orders they’ve placed and when they will arrive. Yet, scammers are using the same exact tactic – posing as your beloved Amazon order out for delivery, with a link to click on the status of your order. This has become such a widespread issue that the Amazon Help Center issued its own guide to help individuals identify these scams. If you identify it as being a scam, block the number or email address that is messaging you immediately. 

If online shopping is your best bet this holiday season, shop from vendors or stores you know and trust. Remember to only include information that is absolutely required to make a purchase, and never save your credit card information in your browser if shopping online. While we can’t all be perfectly organized elves this holiday season, we can at least minimize our chances of the Grinch stealing our personal data. 

Phishing, scammers, and hackers—oh my!

Unfortunately, cybercriminals don’t care that the holiday season is one of joyfulness, togetherness, and heaps of festivities. Instead, they use this time, when our guards are down and our attention is pulled in so many different directions, to make their move.

While cybercriminals are more creative during this time, it doesn’t mean that their usual tactics don’t still apply. In a staggering new statistic presented by ThriveDX, they have seen an increase of over 70% in attempted ransomware attacks between November and January. This is largely because cybercriminals capitalize on a few big things:

  • the increased traffic on the web
  • the massive influx of personal data being collected all at once; and,
  • the significantly increased margin of human error due to rushed action.

Many of these ransomware attacks target retailers. Cybercriminals know that with the increased traffic to sites, attempted attacks yield more fruitful rewards. Ransomware attacks tend to be more successful because retailers, in an attempt to defuse the situation, simply want to solve the problem and prevent further disruption to shoppers – and a PR nightmare. Retail attacks make up 24% of total attempts.

Aside from overwhelmed and overworked retail companies, cybercriminals know that human error is ultimately the leading cause of attacks. The truth is, 95% of breaches occur due to human error. This means that if you see a deal that seems too good to be true, or don’t recognize an email address/phone number requesting action or information, beware! 


As a general rule of thumb, with these things in mind, be increasingly vigilant during this time of year and be mindful of clicking on anything suspicious. Cybercriminals will get creative during the holidays, but they will also stick to their old tricks and games that are tried and tested. While it may seem like an extra sprinkle of holiday cheer, beware of sneaky Santa impersonators hiding behind computer screens.

How can I protect myself?

It might feel a bit like the Grinch is trying to steal Christmas here, but there are actionable steps you can take to protect yourself and your family this holiday season. Even better, most of these best practices will be greatly beneficial for many years to come. Consider these three best practices for general security in everyday life on the interweb.

  1. Get a Password Manager! In an effort to keep passwords safe, it’s best to get a password manager, such as LastPass, for you and your family. This way, you can store shared passwords, make sure your passwords meet complexity needs, and keep them off “autofill” on your shopping websites yet still easily accessible. Trust me; this is one of the best improvements you can make for your general cybersecurity!
  2. Don’t store your credit card information in your browser. Similarly to passwords on “autofill”, many people keep their credit card information a simple click away on many websites. Unfortunately, when there is a breach of one of these companies, your saved credit card information may be compromised in the breach. Piggybacking off of a password manager, you can even add a vault that will house your credit card information as well.
  3. If it smells fishy, it probably is. An advertisement for 70% off or a reward for clicking on something may seem amazing, but unfortunately, more often than not, this is yet another scam to get you to click on something malicious. Always consider the source of the email or phone number before clicking any links.

While you can’t prevent cyber criminals from attacking your favorite retailers, you can ensure the information you share with them is as minimal and protected as possible. 

And as always, be extremely careful never to give out any personal information if you aren’t sure what it is for. Our wallets are always on the lookout for a great deal, especially around the holidays – just as much as cybercriminals want our information!

Be jolly, but be careful!

While the holidays are a time of cheer, they can also be a time of stress and rushed decision-making. It’s not always easy to take a second to slow down and consider our next step, but when it comes to cybersecurity and the holidays, you really can never be too careful! Knowing that many criminals strike around the holidays, it’s best to put some of these practices into action now and allow them to seamlessly integrate into your ongoing life.

Consider adopting these practices for your business.

When protecting your business from cyberattacks and ensuring your customers’ data remains safe, the key is knowing which framework(s) to adopt and who to partner with.

If you’re looking to get compliant with a framework like HITRUST, SOC 2, or ISO 27001, consider the experts at Laika to guide you through the process from beginning to end. With our thorough risk assessment, fast certifications, and automated workflow audits, Laika makes staying within compliance as straightforward as possible. Speak to a member of our team today to learn more.
