Safeguarding Against Holiday Season Phishing and Cyber Threats
AAFCPAs would like to remind clients that the period between Thanksgiving and New Year’s is a prime time for phishing and other malicious cyberattacks. Cybercriminals take advantage of increased internet shopping, debit/credit card use, and the influx of holiday offers to deceive individuals into disclosing sensitive information. Now more than ever, vigilance is required in both your work and personal lives.
Key Safeguards for Staying Safe During the Holidays
AAFCPAs recommends several safeguards to protect against phishing and other cyber threats.
- Verify Emails and Links. Cybercriminals frequently send emails that appear legitimate but contain harmful links. Always verify the sender and hover over links to check the URL before clicking.
- Enable Multi-Factor Authentication. Adding multi-factor authentication to your accounts provides an added layer of security by requiring a second form of identification. This can significantly reduce the risk of account breach even if login credentials are stolen.
- Use Strong, Unique Passwords. Reusing passwords makes it easier for scammers to access multiple accounts. Strong passwords, including numbers, letters, and symbols, add another layer of security.
- Update Software and Devices. Keeping devices up to date is crucial, as outdated systems may become vulnerable to attack. We also recommend installing security patches as soon as they become available.
- Use Caution With Unsolicited Offers. If a deal seems too good to be true, it likely is. Follow best practice and visit the retailer’s website directly rather than clicking links in an unsolicited email.
Keep Your Workforce Safe
AAFCPAs uses KnowBe4 as part of its IT & Cyber Security Assessments and Vulnerability Management as a Service. KnowBe4 offers a range of resources to help employees recognize and avoid phishing scams. Below are three key areas of risk along with helpful tools to distribute to your team.
- Rogue URLs. Phishing emails often contain malicious URLs that direct users to harmful web pages. KnowBe4’s Red Flags of Rogue URLs PDF is a helpful handout explaining how to easily recognize those threats and avoid clicking potentially harmful links.
- Mobile Attacks. Cybercriminals are increasingly targeting mobile devices. KnowBe4’s infographic 20 Ways to Block Mobile Attacks highlights the importance of using as much caution on your phone as you do on your PC. It also reminds employees about important actions they can take to protect their mobile data.
- Social Engineering Scams. Attackers often manipulate recipients through social engineering, making it seem urgent to click a link or open an attachment. The Social Engineering Red Flags PDF is another valuable resource that equips employees to recognize these tactics and avoid falling for them.
We encourage you to forward this email to team members and remind them both now and periodically throughout the year of their role in safeguarding company data. By working together, we can help to ensure your systems and data remain protected during the holiday season and beyond.
How We Help
AAFCPAs helps companies identify and mitigate vulnerabilities across servers, software, workstations, phone systems, printers, and employee devices. We offer peace of mind to those charged with risk management and help to improve your security posture. Today’s infrastructure is complex. With cloud infrastructure, on-premises servers in your data center, and both on-site and remote employees, it is more important than ever to inventory devices and assets and to consistently assess vulnerabilities.
If you have questions, please contact Vassilis Kontoglis, Partner, Analytics, Automation & IT Security at 774.512.4069 or vkontoglis@aafcpa.com—or your AAFCPAs Partner.