It’s that time of the year — employees are taking time off for the holidays to travel for leisure or to spend time with family. But the downtime doesn’t mean people will not be working, especially since the lines have gotten blurred by hybrid workforces brought on by the pandemic. Even if employees are “off,” there may be an expectation they will be checking in, and, in some cases, working remotely while visiting loved ones for the holidays due to more flexible work and time-off arrangements. 

There are two primary considerations businesses need to have when teams are operating in a hybrid work environment. First, the organization needs to have the ability to completely manage and support users and their devices remotely — including patching, anti-virus and malware programs and live assistance. Ad-hoc screen sharing for when problems arise simply won’t scale or provide the security needed while that employee is offsite.

Securing remote workers during the holidays can be challenging. There are three things IT professionals will want to remember this holiday season:

Phishing scams don’t take holiday breaks. 

Holiday phishing emails are rampant, and companies need to have good anti-phishing solutions deployed to combat them. Employees also need to be reminded to stay vigilant and not click on suspicious links or enter payment details on unknown sites. Since it’s the holidays, they may get emails with “your order” and “returns” that look authentic because they ordered gifts online.

Other scams to be wary of include emails asking the recipient to share personal information to redeem gift cards and false shipping notifications that come with malicious links or attachments designed to capture credentials. Other popular holiday phishing attempts are emails asking for information to confirm or complete a purchase; fake charity solicitations asking for donations; and notifications about cancelled vacations and/or travel itineraries. Organizations should provide employees with frequent cybersecurity training — monthly updates to keep threats top-of-mind are ideal. 

Identity Access Management (IAM) systems should be properly configured and tested.

Organizations must implement a robust Identity Access Management (IAM) system, which supports user policies across devices and SaaS applications, especially since remote workers rely on extensive use of cloud systems. Two-Factor Authentication (2FA) adds a layer of protection from passwords that may get stolen over the holidays. Procedures need to extend to every user and device no matter where they are physically located. IT technicians also need to ensure that IAM systems are properly configured and tested in advance of requests during the holidays to avoid any unexpected surprises. 

Be prepared for industry-wide events.

As we have seen, holidays have turned into the preferred time for attackers to launch zero-day attacks, and this holiday season, unfortunately, won’t be any different. The Cybersecurity and Infrastructure Security Agency (CISA) warned IT professionals to stay vigilant regarding the cyber risks associated with online shopping during the holidays. This means going beyond servers and cloud systems and being prepared to respond to endpoint threats on employee devices while they are traveling. Organizations should ensure they have remote monitoring and patching capabilities in case of an industry-wide, zero-day attack that impacts widely distributed operating systems and software. 

In conclusion, businesses should have the right technologies and processes in place to accommodate employees working remotely during the holiday season. Companies also need to do their part to ensure their teams are informed on the risks they face and be up to date on their cybersecurity awareness training, so they fully grasp their role in protecting their organization.