12 steps to protect your business from cybercrime this Christmas

Out of office doesn't mean out of mind - remember to keep your business secure over the Christmas holidays!

Picture this: the clock is close to striking five on Friday 24th December and, keys in hand, you’re ready to lock the office doors and send your staff home for the holidays. You’re already daydreaming of relaxing by the fire with a glass of mulled wine. But this all gets rudely interrupted at 4.55 pm when all your systems go down.

Would you know who to call if you found yourself in this situation? What actions would you take if it was on Saturday or in between Christmas and New Year’s Day? Would you know how to reach your key contacts if there was a total system lockout?

At Christmas, when your business defences are down and the majority of the workforce is out of the office, there is a prime opportunity for cybercriminals to strike.

In the days leading up to 4 July, a cybercrime gang infiltrated US IT firm Kaseya and posted a $70m ransom demand on the business’ blog on Independence Day. It had global repercussions, affecting more than 1,000 companies in its supply chain.

But you don’t need to be turning over millions to attract the bad guys; in fact, it’s the micro and smaller-sized enterprises that are uniquely at risk. Your business’ digital door may be shut, but are you confident that it’s locked securely? It doesn’t take much for hackers to barge their way in and gain access to sensitive data, and if vulnerabilities aren’t appropriately identified and fixed, you could end up being repeat business for online criminals.

A report by telecoms giant Vodafone found that more than 1.3 million small and medium-sized businesses across the UK could fold given the cost of an average cyberattack, which government data states is nearly £8,500 - a sobering thought indeed. We hope this never happens to you.

Ways to protect your business this Christmas

Organisations and business owners are now gearing up for the Christmas period, which means radars should be on a higher alert due to increased risk exposure and more of your staff heading off for annual leave.

We can’t stress enough how important having a security plan is for SMEs like yours. The National Cyber Security Centre has provided preparatory guidelines in five simple steps - think of this invaluable resource as your response and recovery bible - to lessen the impact should an attack occur.

12 Tips to stay secure this Christmas

  1. Use a Password Manager to keep track of your passwords - don't write them down on post-it notes!

  2. If you receive a scam email or text message, don't click any links or open any attachments if you’re unsure that it is genuine. Clicking a link in a phishing email could download viruses onto your computer or lead to your personal information being stolen. Send suspicious emails to the Suspicious Email Reporting Service, and forward any suspicious text messages to 7726.

  3. If you purchase any new devices this month, don't forget to install the latest updates and patches. Installing the latest updates can stop criminals from exploiting faults in old systems or software.

  4. When you use different passwords for your important accounts, it can be hard to remember them all. A good way to create strong, memorable passwords is by using 3 random words (for example, purplehollypudding71!).

  5. Avoid giving hackers the toolkit to attack your website: make sure you have a website firewall installed, keep your CMS updated and control who has access.

  6. When creating backups, keep them separate, in a different location from your network and systems, or in the cloud.

  7. When you're out shopping use mobile data or hotspot devices instead of public Wi-Fi where possible.

  8. Don’t advertise when you’re out of the office for your Christmas party; post the office Christmas party photos after the event. Cybercriminals might try to hack your systems if they know staff are away.

  9. Keep your social media accounts secure by making sure you know which staff members have access and which devices are signed into each account.

  10. Two-factor authentication (2FA) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA methods include single-use codes sent via SMS, email, phone, or smartphone application.

  11. Download the NCSC's Cyber Security Guide for Small Businesses for an overview of the basics.

  12. Stay secure when you’re heading back to the office with guidance from the NCSC.

Got a security plan in place but want further support? The Cyber Resilience Centre for the West Midlands can assist you with additional options:

Security Awareness Training – the key to security awareness training is to equip all your employees with a level of awareness to combat online threats. Following this training, your employees will be able to confidently identify which clues to look out for that indicate threats or possible attacks, and know how to respond when they see them.

Cyber Essentials – this is a government scheme that helps you make your business more resilient against cyber-attacks. Cyber Essentials includes £25k insurance for SMEs and also immediate access to a helpline to support you in the early stages of a cyber-attack. So there’s someone there for you 24/7/365. To find out more about that process, we have a number of trusted partners who can work with you to achieve the qualification.

Our aim is to lend a hand to SMEs in the West Mids of England, so please do get in touch if you want to know more about this or anything cyber-related. Here’s to a restful and problem-free Christmas and a Happy New Year!

