We are just a few days away from the Christmas holidays, and many people have already left for their well-deserved vacations. When companies are understaffed and resources are allocated only to critical business operations, attackers have a window of opportunity.
In December, people rush to finish their remaining tasks (which can mean a higher workload than usual) and are at the same time more distracted than at any other time of the year.
In 2022, a study by the cybersecurity training company ThriveDX found that ransomware increased by 30% during the holiday season. Fake websites (and hacked websites) are being used to steal credit card information from holiday shoppers, and delivery scams are going after personal and other financial information.
Keeping WordPress sites and customers safe during holidays
To make sure you’re not “surprised” with the gift of a hacked website or an angry customer phone call on the morning of Christmas Eve, it’s best to take some extra care of the websites you manage before heading off.
Updating the websites and making sure the WordPress core version, plugins and themes are up to date is essential. If you haven’t done so yet, getting rid of any outdated and deactivated or even abandoned plugins is also a must.
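As an added example (not from the original post), one way to turn that check into a quick pre-holiday audit: the script below reads the JSON printed by WP-CLI's `wp plugin list --format=json` and flags plugins with pending updates and plugins left deactivated. The sample data and plugin names are constructed; abandoned plugins cannot be detected from this output and still need a manual review.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output.
# Plugin names and versions are made up for illustration.
SAMPLE = """[
  {"name": "example-forms",  "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "example-cache",  "status": "active",   "update": "none",      "version": "4.0.2"},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "1.0.4"},
  {"name": "example-popup",  "status": "inactive", "update": "none",      "version": "3.2.1"}
]"""


def audit_plugins(raw_json):
    """Split WP-CLI plugin JSON into (needs_update, inactive) name lists."""
    plugins = json.loads(raw_json)
    if not isinstance(plugins, list):
        raise ValueError("expected a JSON array of plugins")
    needs_update, inactive = [], []
    for plugin in plugins:
        name = plugin.get("name", "<unnamed>")
        # WP-CLI reports "available" when a newer release exists.
        if plugin.get("update") == "available":
            needs_update.append(name)
        # Deactivated code still sits on disk and can still be reachable,
        # so it is flagged for removal rather than ignored.
        if plugin.get("status") == "inactive":
            inactive.append(name)
    return sorted(needs_update), sorted(inactive)


def report(raw_json):
    """Print findings; return 1 if anything needs attention, else 0."""
    needs_update, inactive = audit_plugins(raw_json)
    for name in needs_update:
        print(f"UPDATE  {name}")
    for name in inactive:
        print(f"REMOVE? {name} (deactivated)")
    return 1 if (needs_update or inactive) else 0


if __name__ == "__main__":
    # Usage on a real site: wp plugin list --format=json | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(report(data))
```

The non-zero exit code lets the same script gate a scheduled job or a maintenance checklist across several sites.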
If you’re managing a team that has access to the sites, make sure to remind them about the increased volume of attacks so they know to be more vigilant and to avoid using their work devices when hunting down deals for Christmas presents around the web.
Stay proactive and encourage customers to do the same
Building a website and managing it for customers means you’ve taken on at least some responsibility for their digital presence. However, they have their own part in this, so it’s always good to remind them to be mindful of the scams and threats that may be after their login credentials and other information.
For example, last week, Datadog released a threat research article in which over 390,000 credentials, believed to be for WordPress accounts, were discovered. It’s a great time of the year to check haveibeenpwned.com, enforce a stronger password policy and make sure 2FA is used wherever possible.