
Are You on Santa’s Cybersecurity Nice List, or Naughty?



This time of year, hackers are making their lists, checking them twice, and going after unsecured businesses. If you’ve been lax in your cybersecurity policies, you’ve made the hackers’ “naughty” list, and you’ll have a lot more to worry about than coal in your stocking. But if you’ve been “nice” and followed cybersecurity best practices, Santa might be bringing your company some bonuses, accolades, or other presents.

In order to help your company prepare for the holidays (and all days, really!) we’ve made this list of 5 naughty and 5 nice cybersecurity practices.  

If your company’s guilty of these first 5 practices, it’s time to start being extra good.  

5 Naughty Cybersecurity Practices: 

1. Thinking Security is too Burdensome 

We’re starting this article off with a whammy. Many of the other practices on this cybersecurity naughty list are a direct result of this mentality; if you think security isn’t worth it, a cybercriminal will eagerly show you why it is. Cybersecurity is integral to your business, the same way that employees, technology, and customers are integral. Sure, it takes time and money to bulk up security, but recovering from a cyberattack costs even more time and money.  

2. Poor Password Policies 

If you want to give a cybercriminal a gift this year, all you need to do is practice poor password policies. The hacker will eagerly figure out your password, jump into your network, and steal your files. And don’t worry, the hacker’s not picky—to him, poorly hidden passwords, easily guessable passwords, and openly shared passwords all sound great! 

3. Lack of Employee Knowledge  

Can you believe some people think Santa isn’t real?? Shocking, we know. Equally shocking is the lack of employee knowledge concerning your company’s IT. Sometimes, an employee may use a piece of tech but not know how it works. They might not understand the tech’s value to your company or what to do if it needs an update. While an employee doesn’t need to know everything about your company’s tech, he should know the basics, especially when it comes to tech he works with daily.   

4. Lack of Physical Security  

If you want to keep out a burglar, you install locks and cameras. If you want to keep reindeer off your yard, you might put up a fence. And if you want to keep hackers out of your files, you need physical workplace security. This security includes everything from access badges to fire alarms. Without these safeguards, your business is more susceptible to robberies and natural disasters, which can destroy not just your files, but also your office.

5. Lack of Future Planning 

If Santa didn’t plan ahead, how could he deliver so many presents each year? Just like Santa, your company needs to plan ahead for anything unexpected. One way of preparing for the future is by making a business continuity plan, or BCP, which will help your company recover from outages and cyberattacks. With a clear recovery time objective (RTO) and recovery point objective (RPO), your company will have a better idea of the steps it needs to recover.

These 5 worst cybersecurity practices are all big no-nos, and they’ll put you at the top of Santa’s naughty cybersecurity list. No company wants to be on that list, not when cybercriminals get to see it, too.

But what about best practices? How can your company show Santa (and your stakeholders) that you’ve been extra good this year?  

Fortunately, for every naughty practice there’s an equally nice one. Here are our top five:    

5 Nice Cybersecurity Practices:

1. Multi-Factor Authentication and Single Sign On 

Multi-factor authentication (MFA) and single sign on (SSO) are necessary for a company’s security. MFA alone reduces the risk of successful attacks by 99.9%. Essentially, MFA acts as a second layer of security, and it protects your company via extra credentials. SSO then streamlines the log-in process by letting you access all accounts through a single portal. (It’s kind of like Santa going down one chimney and delivering every present at once!)

2. Backups and the Cloud 

If your data is lost or stolen, it’s gone. Unless you have backups, of course. Backups act as copies of your data, and they allow you to recover that data once it’s been taken. Relatedly, you can store and/or back up data via the cloud; this data will be encrypted, thus making it harder for hackers to steal. Additionally, you’ll be storing your files off-site, so you’ll be able to access them remotely whenever you want.

3. Testing  

If Santa didn’t test his toys, who knows how many children would wake up to broken dolls and action figures? Similarly, it’s important that a company constantly tests its cybersecurity from every angle. This means testing your backups, your employees’ ability to spot a phishing attempt, your BCP, etc. If something’s not working, it’s time to fix it. And if an employee doesn’t know something, it’s time to teach him.

4. Employee Training  

No matter how good your tech is, a single employee can leave you vulnerable. You’re only as strong as your weakest link, so you’ll want that weak link to be stronger, too. Spend time training employees on how to use tech, why they should value it, and how it influences your company. In order for a company to truly be cybersecure, every employee must be actively working toward that security. 

5. Update, Update, Update 

New tech only stays new for so long. There’s going to come a time when that tech simply isn’t up to snuff and hackers figure out its vulnerabilities. When this happens—or better yet, before it happens—you’ll want to update your software and cybersecurity policies. If new threats require new responses, make sure to implement them. And if new antivirus or other software is needed, it’s essential that your company has it.

The best present you can give yourself this holiday season is the gift of cybersecurity. A company with enhanced cybersecurity is a better company all around. So, take a second look at these policies. Has your company mostly been naughty, or nice? If your company’s mostly been naughty, Santa has some stern words for you. And if your company’s been super nice, that’s great! Make sure you continue being good all year round, and check out other ways to start your new year off right.



