Take that well-earned break without lowering your defences
Whether it’s a staycation or vacation, you deserve a break during this holiday season. Unfortunately, cyber criminals don’t really take holidays. If anything, they step up activities during holiday seasons, hoping that their victims’ defences will be down. We’ve seen this firsthand in Australia, where some of the most recent cyber attacks on our health sector have occurred on weekends or public holidays.
Just as you’ll take a few extra precautions to secure your home before leaving on a trip, we recommend taking a similar approach to your cyber security. We’ve gathered a few tips to help make your holiday season safe and secure.
1: Maintain your security posture over the break
The holiday spike in cyber activity is a well-recognised phenomenon internationally. The American Cybersecurity and Infrastructure Security Agency has recently published detailed guidance on holiday and weekend security, which is equally applicable to Australian audiences. 
2: Check your cyber resilience
Healthcare organisations should have an incident response plan that has been tested and coordinated with key stakeholders. Prompt response to a cyber incident can minimise the impact of an attack and can help prevent a reportable data breach.
Robust backups will always be the foundation of the recovery phase of a cyber-resilience strategy. Listen to our recent podcast on this topic for practical and authoritative advice. 
See also our previous blogs about the importance of cyber resilience; we encourage you to revisit that advice if you haven’t already implemented it.  
3: Enhance your security awareness for the year ahead
Holiday phishing campaigns surge at this time of year, with lures related to online shopping, parcel delivery or urgent payment of invoices. People are often very busy at this time and may succumb to holiday phishing attempts more easily than usual.
Elevated security awareness is your best defence against these kinds of attacks. So this may be the perfect time to hone your cyber security skills by undertaking our online digital health security awareness course. 
The course consists of 5 modules, each of which should take about 15 minutes to complete. This is a relatively small investment of your time that could help to set you up for a safer and more secure 2022. As a bonus, completion may qualify you for CPD points, which are always welcome!
The Agency’s cyber security team wishes you a happy, safe and secure holiday season.
 Cybersecurity and Infrastructure Security Agency. Ransomware Awareness for Holidays and Weekends. 31 Aug 21. Alert (AA21-243A). Available from: https://us-cert.cisa.gov/ncas/alerts/aa21-243a.
 Cybersecurity and Infrastructure Security Agency. Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends. 22 Nov 21. Available from: https://us-cert.cisa.gov/ncas/current-activity/2021/11/22/reminder-critical-infrastructure-stay-vigilant-against-threats.
 National Institute of Standards and Technology. Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide. Available from: https://csrc.nist.gov/Projects/cybersecurity-framework/nist-cybersecurity-framework-a-quick-start-guide.
 Australian Digital Health Agency. Cyber security: Backup – prepare for an emergency. 30 Nov 21. Podcast. Available from: https://www.digitalhealth.gov.au/newsroom/podcasts/cyber-security-backup-%E2%80%93-prepare-for-an-emergency.
 Australian Digital Health Agency. An opportune time to build cyber resilience. 29 Apr 21. Available from: https://www.digitalhealth.gov.au/newsroom/blogs/an-opportune-time-to-build-cyber-resilience.
 Australian Digital Health Agency. Expecting the unexpected. 22 Oct 21. Available from: https://www.digitalhealth.gov.au/newsroom/blogs/expecting-the-unexpected.
 Australian Digital Health Agency. Digital Health Security Awareness. eLearning course. Available from: https://training.digitalhealth.gov.au/course/view.php?id=14.