The Costliest Mistake of December
Picture this: it’s December 27th. An employee checks their email from a chalet in the Eastern Townships, using their personal laptop connected to the local Wi-Fi. A simple action, done in a relaxed setting, turns into the entry point for a major breach of the company network. It’s a more common scenario than you might think. During the holidays, businesses of all sizes tend to let their guard down. And cybercriminals know it.
Holidays and Increased Vulnerability: A Predictable Cocktail
The holiday period brings together multiple risk factors. IT teams often run with reduced staff. At the same time, remote access surges as employees check in on projects or answer a few urgent emails. The festive atmosphere, reduced alertness, and unsecured networks all contribute to heightened exposure to cyberthreats. According to a study by Euler Hermes and the DFCG , cyberattacks increase by over 30% during the holiday season. It’s open season for malicious actors.
Between Carelessness and Risky Habits
Many remote work mistakes stem from habit or lack of awareness. For example, temporarily sharing passwords or skipping multi-factor authentication (MFA) can expose corporate systems—even from home.
What to Put in Place Without Overcomplicating Your Team’s Life
Rather than blocking everything, it’s better to implement simple, realistic safeguards. Require MFA on critical tools (email, project platforms), and raise awareness about the dangers of using public Wi-Fi. These are easy-to-apply actions, even for small teams. A short video reminder or a message via Teams before the holidays can go a long way in reinforcing best practices.
The Role of IT Managers: Planning Ahead
Prevention starts with organization. Before the holidays, IT managers should confirm that there’s a clear incident response plan in place and that someone is designated to respond if needed. They should also ensure critical systems are updated, temporary access permissions are revoked, and backups are tested. These are basic yet often overlooked steps due to time or resource constraints.
Another simple but often forgotten measure is to shut down all systems that won’t be in use during the holidays. If your business is closed for two weeks and no one will be on site, it’s strongly recommended to power down non-essential servers and workstations. A system that’s turned off is, by definition, unreachable by attackers.
Enjoy the Holidays Without Leaving the Door Open
The real question isn’t whether remote work should be allowed during the holidays, but rather how to do it securely. By preparing access in advance and training users, you can avoid major pitfalls while preserving the flexibility your teams need.
The solutions are simple and realistic—as long as they’re implemented with care. A bit of planning goes a long way in protecting sensitive data without disrupting operations.
in your taskbar.