By Spencer Twede
Utah State Bar IT Director

Holiday celebrations with family, friends, and colleagues are upon us, and we’re all thinking about a lot right now. Who can pick me up from the airport? Did I send that donation, or is the envelope still on my desk? What am I going to gift to the neighbors? Will those holiday cards arrive on time if I mail them today?

We’re juggling so much that we can’t possibly pay attention to everything at once. And somehow, in the chaos, we’ve forgotten to order catering for the office party.

Cybercriminals know this all too well. They know we’re distracted, stretched thin, and operating with limited mental bandwidth.

One leading security firm reports a 30% increase in cyberattacks during holiday periods and a 25% increase in phishing attempts year-over-year. The Cybersecurity and Infrastructure Security Agency (CISA) have also warned that ransomware attacks spike during holiday weekends, highlighting an 82% increase in ransomware-related losses across just two recent years.

This all sounds scary, but the good news is that a few simple habits can go a long way toward protecting you, your clients, and your firm. Here are seven easy tips to help you celebrate with a bit more peace of mind:

1. Power Off Your Computer While You’re Away: Fully shutting down your work computer helps prevent remote access attempts or unauthorized use. An offline system is much
   harder to compromise than one quietly connected to the internet.
2. Beware of Urgent or Too-Good-To-Be-True Messages: Phishing attempts spike every holiday season. Scammers send fake tracking updates, “special holiday deals,” charity requests,
   or even urgent, spoofed client matters. Slow down before you click. Don’t let a moment of haste ruin your holiday.
3. Avoid Overly Revealing Out-of-Office Replies: An out-of-office message that announces you’re out of the country or unavailable until a specific date can signal to attackers
   that your attention is elsewhere. Keep it polite, brief, and vague.
4. Be Cautious on Public Wi-Fi: Travel often means connecting to airport, hotel, or café Wi-Fi. If you must use these networks, avoid accessing sensitive data
   without a VPN, and disable automatic Wi-Fi connections so you remain in full control.
5. Verify Unusual Client or Coworker Requests: Impersonation is easy and common. Be wary of unusual wire transfers, document access requests, or anything asking for your login credentials. Always verify unexpected requests using a known, separate communication channel.
6. Think Twice Before Posting Travel Photos: Sharing real-time vacation updates can create both digital and physical security risks. As you leave for the airport, you wouldn’t stop to put a sign in your yard saying you’re on the beach in Hawaii. Treat your social media the same way and save the posts
   for when you get back.
7. Don’t Leave Work Devices in Your Car: Theft increases significantly during the holiday shopping season. A stolen device isn’t just an inconvenience; it can be a serious data breach. Always bring laptops and tablets inside, even during quick errands.

Nobody wants to return from holiday break to discover their email was phished; client data is being held for ransom, or that a “co-worker” they hurriedly sent a gift card to was actually a scammer overseas.

A little extra care now can save a lot of trouble later. When it comes to cybersecurity during the holidays, a few simple steps really do pay off.

Spencer Twede is the IT Director of the Utah State Bar with a background in psychology and Spanish from Weber State University
and a Master of Science in Information Technology Management from Western Governors University. He has worked in technology
across multiple sectors, including support services for Apple and K-12 public education.