top of page

Don’t let cyber hackers steal your Christmas cheer

Updated: Dec 14, 2022

The decorations are up, the tree is shining brightly, and The Pogue’s Fairytale of New York is on repeat which can only mean one thing, it’s Christmas! Whilst many of us see the festive period as a time to relax and put our feet up, cybercriminals see it as an opportunity to slip under the radar and launch an attack at a time when victims are caught off guard.

The implications of a cyber-attack can be detrimental to a business, a security incident could have huge financial implications on sales, and this may result in reputational damage, or you may not be able to pay your staff their Christmas wages. It has also been known for cyber-attacks to cause enough damage that businesses have been left with no choice but to go into administration.

Online security doesn’t need to be complicated or stressful, following some simple steps can be the difference in you falling fowl of a cyber-attack. To help you prepare your business ahead of the Christmas break, we have produced a simple checklist of 8 things you should do to secure your business before you leave the office for the holidays.

You can view our checklist below or by downloading it here.

Heading Home For Christmas - Checklist

1. Update all devices, software and systems

Device manufacturers and app developers will release software updates that contain new features, fixes for bugs and performance improvements. They will often also contain security patches and new security features.

2. Be sure to install antivirus software and check it’s working

Cyber threats are constantly changing and adapting to break down our defences, so installing antivirus software has never been more important. Antivirus software creates a barrier against malware, which is malicious software or viruses designed to cause havoc on your devices.

You should have antivirus software on all computers and devices and should only install approved software on tablets and smartphones. It is also advised to prevent users from downloading third-party apps from unknown sources.

3. Create strong passwords and use a password manager

Passwords are the door key to your business and if you don’t feel comfortable giving someone your key then perhaps password123 isn’t the strongest password to use. Having a more complex password that isn’t a pet name, your favourite sports team’s name is a very good place to start. Take a look at our tips for creating strong passwords here.

If you’re using the same one for multiple accounts, the best practice is to change them using three random words and a password manager will help you remember them all.

4. Turn on multi-factor authentication

Multi-factor authentication , also known as two-step verification, asks for multiple verification factors before access can be gained to an account or system. Often the verification factor might be a one-time password where you are asked to enter a 4–8-digit code that you receive via email, SMS, or through an authenticator app.

Multi-factor authentication provides greater assurance that the access request is genuine, which reduces the risk of unauthorised access to sensitive data.

5. Backup and update your data

Take regular backups of your important data and test if they can be restored. This will reduce the inconvenience of any data loss from theft, fire, or other physical damage or ransomware.

Identify what needs to be backed up (usually documents, photos, emails, and calendars) and ensure the backup device is not permanently connected to the original device.

Also, be sure to keep your devices and soft­ware updated. Software vulnerabilities are security holes that offer an easy way for cybercriminals to infect your systems.

6. Do not promote your business as unoccupied

If you were leaving your home unoccupied to go on holiday, you wouldn’t post this on social media or announce it in an email to your whole organisation – so why would you treat your business holiday any differently? Many businesses are guilty of promoting they will be out of office during the festive period or that their offices will be closed during certain periods. In doing this, you are practically inviting hackers to explore the weaknesses in your systems and devices whilst you’re enjoying a Christmas break.

7. Make an incident plan should an attack occur

A cyber security incident response plan provides a process that will help your business, charity or third-sector organisation to respond effectively in the event of a cyber-attack. To help you minimise the impact of a cyber-attack we have created a Cyber Incident Response Plan for you to use.

8. Become a member of The Cyber Resilience Centre for the South East

Daily, businesses of all sizes in the UK are being targeted by cyber- attacks. Our FREE membership is easy to follow, quick to action and highly effective in helping your business to become more secure online. Register today at


bottom of page