12 Days of Christmas Cyber Threats

Christmas, the time of holidays, presents and… cyber threats. It’s true, cyber-criminals know people are more relaxed at this time of year – offices are closing, and employees are getting ready to enjoy their well-earned holidays. What better time, when people are not on their guard, for hackers to strike.

Don’t start the new year with data loss or as a victim of cyber-crime. Here are 12 common cyber threats you need to prepare for before you close the office for Christmas:


Phishing is an attack in which the cyber-criminal poses as a trusted person or organization to trick potential victims into sharing sensitive information or sending them money. This can be done by email, text or voice messages or live calls.


Malware is intrusive software designed to interfere with a computer or transmit information to a third party. Malware means:

  • Spyware – a hacker accessing your computer’s files and data.
  • Adware – spamming your computer with pop-up ads.
  • Ransomware – disabling an entire network until you pay a ransom.
  • Keystroke tracking – logging your keystrokes, including passwords.

3.Human error

Your weakest data link is often your employees. This is doubly true at Christmas when people are more relaxed and getting ready to shut down for the holidays. Human error includes:

  • Data leaks.
  • Password vulnerabilities.
  • File overwriting or deletion.
  • Shadow IT.

4.Credentials theft

Once an attacker gets hold of user credentials and passwords for your business, they can sell this sensitive information in the cybercrime underground known as the Dark Web or use it to compromise your network and steal data.

5.Insider Threat

According to the 2021 Verizon Data Breach Investigations Report, 34% of all deliberate data breaches involve insiders. This could be any disgruntled employee, executive or contractor who works directly with your organization and deliberately misuses data to cause harm or for personal gain.

6.Weak Passwords

When was the last time your employees changed their passwords? Most people use the same password for multiple sites. A weak password makes it easy for hackers to break in then explore how many times they can exploit the same email and password combination, gaining to access bank accounts, social media, emails or other personal sites.

7.Social engineering

Social engineering involves cyber-criminals pretending to be an important person in the organisation, often over the phone, then tricking employees into handing over access to data using the excuse of urgency or fear of reprisal.

8.Data exfiltration

Data exfiltration is the theft, deletion or movement of data by an unauthorized user. When performing a cyber-attack, hackers often target sensitive data. They may use this data for identity theft, sell it in the underground economy or hold it to ransom.

9.Badly planned backups

A data backup plan is just that – a plan – unless it is regularly tested. Badly planned backups or backup errors mean your data is at risk. It is vital to fully test and confirm your backups before closing for Christmas to avoid any data loss or emergencies in the new year.

10.Patched devices

Patches fix known flaws in software products. If your system isn’t up to date with the latest patches, hackers can use these vulnerable points to gain access to your data. All they need is a way in.

11.Internet of Things (IoT)

Hackers can gain access to smart devices that use Wi-Fi and exploit them for denial-of-service or ransom attacks. Smart speakers, security cameras, Smart TVs, think about how many devices are in your workspace. Hackers have begun developing high-level software specially designed to attack smart devices. Typically, these devices have low levels of security and a wealth of personal information making them hugely attractive to cybercriminals.

12.Environmental threats

Serving wine at the office Christmas party? Got a leaky roof in your building? Spills, leaks, flood and fire risks are serious data threats. What happens if there’s a power outage over the holidays? Is your data protected from natural disasters, physical intrusion, and energy issues?

How can I protect myself?

As cyber-attacks become more sophisticated, it’s important to know how to protect yourself and your business. The best way to do this is to seek professional advice.

At Vitanium we can help you protect your data. Let us manage your data protection, backup, and recovery, so you can get on with managing your business.

Call us on 44 (0)345 258 1500 or get in touch and we’ll be happy to advise you.