December 16, 2021

The Biggest 2021 Holiday Cybersecurity Threat Might Surprise You

Christopher Pin

The holidays are here and consumers are flocking to store fronts both online and in person. Meanwhile staff are getting in last minute vacations and seasonal hiring is booming across retail, logistics, and several other industries. All this combines to make a perfect storm for cyber-attacks. But what might surprise you most is that the biggest problem for companies may not be made of ones and zeros; it’s flesh and bone.

The People Challenges of Seasonal Security

You read that right: Some of the biggest cybersecurity threats to companies this time of year are actually due to seasonal hires. Yes, there are more attackers out there because there is considerably more consumer data moved around both in and out of the company. But the retail industry will face significantly more “people” challenges than other key industries.

The major vulnerability is generally new hires who will only be on payroll through January or February. Due to this short employment tenure, companies often shortcut onboarding trainings, including data handling procedures, cybersecurity training, and other education in order to get their workforce up to speed and working faster. Lest that surprise you, consider that some of the expected influx of 2021 seasonal workers for retail giants such as Target and Amazon ranged from 100,000 to 150,000 short-term hires.

Added complications in 2021 is a rise in retail employee turnover, which exceeded 60 percent up through July. This doesn’t only include floor workers: It includes IT security staff turnover as well.

All of these become potential targets for attackers looking to breach a company’s cybersecurity defenses. A lack of security knowledge and support becomes an ever-present threat, not just a seasonal one.

Reducing Holiday Cybersecurity Complications

So what can companies do to help reduce the overall threat their new employees pose without delaying their time to work? One obvious solution is to turn the number one threat—seasonal employees—into the first line of defense by maintaining an effective security awareness program.

Additionally, ensure IT teams have adequate support. As online purchasing surges during fourth quarter holidays, retail IT teams can become overloaded. Turnover also impacts these teams, and a shortage of IT staff could mean that important security alerts aren’t addressed. Ensure they know how to recognize and respond to suspicious emails or phone calls. Security training can also help retail organizations comply with myriad data compliance mandates.

However, even the best-trained or best-supported employees may not be able to stop certain kinds of cyber-attacks. This is where implementing data discovery and data awareness is vital. Not only will these defenses allow you to properly prioritize the required data sets for the holidays, they’ll also help power things like role based access control (RBAC) and data encryption efforts, which in combination with Multi-Factor Authentication (MFA) can help substantially reduce the overall risk that seasonal hires pose to your company’s data landscape.

Adding automation to your security stack can also help mitigate reduced manpower by regularly scanning for sensitive data and automatically triggering remediation responses based on pre-determined policies. PKWARE’s PK Protect data protection suite provides automated, reliable data discovery and remediation solutions that keep businesses moving forward through the ebb and flow of both business volume and personnel. PK Discovery digs deep to find every place across the enterprise where sensitive data may be stored, from databases and data lakes to laptops and even mobile devices—especially helpful considering that the holidays are a popular time to receive new devices. Once data is discovered, policies can trigger remediation via PK Encryption and/or PK Masking to provide both reversible and irreversible protection to data wherever it lives and travels. And as retailers collect more and more personal consumer data through the holiday shopping boom, PK Privacy enables organizations to respond quickly and accurately to Data Subject Access Requests when savvy consumers want to understand what data you hold on them and request correction or deletion as appropriate.

The holidays are a time of cheerfulness and joy for all—including attackers and data harvesters. Keep even season employees engaged with data security and reduce your risk of a Grinch stealing your important data with the help of PKWARE. See how our solutions keep your data protected all year long by requesting your personalized demo here.

Share on social media
  • Apr'24 Breach Report-01
    PKWARE April 17, 2024
  • Data Retention: Aligning Data Protection Strategies with Compliance Requirements
    Ben Meyers March 13, 2024
  • Data Breach Report: March 2024
    PKWARE March 8, 2024
  • PCI DSS 4.0 Compliance: Safeguarding the Future of Payment Security
    PKWARE February 22, 2024