Skip to content

Cybersecurity Checklist for the Holiday Season 

As the holiday season approaches, many businesses experience a surge in activity, marked by increased transactions, heightened customer interactions, and a greater reliance on digital infrastructure. Unfortunately, it’s also the time when cybercriminals ramp up their efforts, targeting organizations that are distracted, short-staffed, or unprepared. 

At Cardinal Point Technologies, we believe proactive protection is the best defense. Here’s a quick cybersecurity checklist to ensure your business is ready for a secure and successful Q4. 

Audit User Access & Permissions

  • Remove access for former employees. 
  • Review and limit permissions based on current roles and responsibilities. 
  • Reconfirm and/or enable multi-factor authentication (MFA) across accounts. 

Update and Patch All Systems

  • Confirm your servers, operating systems, and applications are up to date. 
  • Implement an update schedule to automate updates year-round. 
  • Don’t overlook firmware updates for network equipment and printers; they’re often overlooked and can be vulnerable. 

Review Backup and Recovery Plans

  • Test your data backup and restore processes now. 
  • Ensure backups are stored securely both on and off network. 
  • Verify your disaster recovery plan is updated and accessible. 

 Educate Your Team

  • Human error remains the leading cause of security breaches. 
  • Run a short phishing awareness campaign. 
  • Remind your team to be cautious with holiday-themed emails, fake invoices, credential harvesting and gift card scams. These can be especially convincing now that attackers use AI to automate the process. 
  • Reiterate password best practices, including password complexity and rotation. 

Monitor for Suspicious Activity

  • Set up alerts for failed logins or unusual file access. 
  • Review firewall and antivirus logs. 
  • Work with your IT provider to ensure 24/7 monitoring is in place. 

Secure Remote Work Connections

If your team is working from home or traveling: 

  • If possible, use systems and policies to implement a zero-trust strategy to security. 
  • Only permit remote access to specific resources for employees who require it. 
  • Make use of remote desktop/app software designed to provide secure access to critical resources. 
  • Require MFA-enabled VPN usage for all remote access that can’t be achieved via other MFA protected alternatives such as remote desktop/app access. 
  • Ensure laptops and mobile devices are encrypted, password protected and if possible, managed by mobile device management software (MDM). 
  • Discourage the use of public Wi-Fi for sensitive work without protection.