Scam emails target UK businesses over festive period

-

Research conducted by technology services provider Probrand has found that 43 percent of UK businesses are targeted by scam emails, with incidents increasing significantly during the festive period.

The study, which analysed hundreds of small to mid-sized organisations, found that 83 percent of employees have received scam emails from individuals impersonating senior staff members. A separate study by Semperis found that 86 percent of businesses experiencing ransomware attacks reported incidents occurring over weekends or holidays, when staff numbers were reduced.

The risks are compounded as employees often use unsecured public WiFi networks while travelling, or rely on reduced staffing and unfamiliar colleagues during holidays, leaving businesses exposed to cybercriminals. Despite this, only 19 percent of businesses have tested their employees’ responses to phishing attempts, and over a third (36%) have not implemented measures to prevent future attacks.

Holiday Cybersecurity Risks

Scammers frequently exploit the festive spirit by impersonating CEOs or senior executives in what is known as Business Email Compromise (BEC). These emails often contain urgent requests for gift cards, vouchers, or financial transactions, making them a significant risk for businesses that fail to train employees to identify phishing attempts. Only 19 percent of organisations have conducted phishing response tests, while 81 percent lack a valid disaster recovery plan for addressing major cybersecurity incidents.

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

Matt Royle, Marketing Director at Probrand, said, “Scam emails are on the rise, and in the business world these are often labelled as phishing attacks; emails that trick victims into doing something. As businesses prepare for the festive season, it is vital to remain vigilant against potential increased cyber threats.

“The festive period is prime time for cybercriminals, exploiting a busy time followed by a period of reduced staffing with often new tactics like spurious eChristmas cards, that prompt staff to click. Our research revealed 48% of UK businesses don’t currently offer cyber security training to staff, and employee awareness is the number one way to lock down threats early.

“That is why it’s so important for UK businesses to provide continuous cybersecurity awareness testing to all employees. This will help keep them consistently aware of the latest tactics being used, and help them identify and act upon cyber attacks to minimise the risk of financial impact on their organisation.

“On top of this, it’s important for businesses to communicate policies and advice during this festive period to minimise risk.”

Best Practices for Cybersecurity During the Festive Season

The findings call attention to the urgent need for businesses to adopt comprehensive cybersecurity measures during high-risk periods such as the festive season. While Probrand’s research highlights these vulnerabilities, the organisation has also provided key recommendations to help businesses mitigate threats:

  1. Minimise Risks on Public WiFi
    Employees working remotely or travelling during the holiday season should avoid accessing sensitive business accounts or files over public WiFi networks. Using Virtual Private Networks (VPNs) and disabling auto-connect features can help safeguard data from interception.
  2. Train Staff to Identify Phishing Emails
    Providing employees with training to recognise phishing attempts, such as misspelt domains or unusual requests, is essential. Organisations should encourage employees to report suspicious emails to their line managers or IT teams.
  3. Establish Central Communication Channels
    Ensuring a centralised communication platform, such as Microsoft Teams, enables staff to report suspicious activity easily, even during reduced staffing periods. Maintaining a clear list of on-duty employees and their roles can also help identify fraudulent communications.
  4. Implement a Crisis Plan
    Creating a detailed incident response plan is critical to minimising the impact of a cyberattack. Developing a recovery playbook and ensuring all employees understand their role in the plan will help businesses respond effectively to cybersecurity threats.

Alessandra Pacelli is a journalist and author contributing to HRreview, where she covers topics including labour market trends, employment costs, and workplace issues.

Latest news

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

England’s overnight World Cup clash and 5am pub opening prompt CIPD advice

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Fit for Work: Weekend warrior? You can still reap the health benefits

Weekend exercise can still improve long-term health, even for people who struggle to fit physical activity into the working week.

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.
- Advertisement -

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Must read

Faith Franz: Jobs with the Highest Risk of Asbestos Exposure

The National Institute for Occupational Health and Safety (NIOSH)...

Gagandeep Prasad: Maternity discrimination, unfair dismissal and sex discrimination

Discrimination against women in the workplace is once again...
- Advertisement -

You might also likeRELATED
Recommended to you