The holiday season is fast approaching. With it comes an increase in online shopping — which could mean an increase in cybercrime. With online sales expected to grow by 4.8% this holiday season, according to Salesforce, cybercriminals will look to exploit the surge in digital transactions. Employee cybersecurity should be very important for business owners at this time, as a data breach could result in the theft of customer information, financial losses and reputational damage.

All businesses are susceptible to cybercrime, but especially for companies with remote workforces, the holidays present an additional challenge in ensuring that employee cybersecurity remains strong. As of August 2023, over 10% of all workers in the U.S. were entirely remote, with an even larger percentage adopting hybrid schedules. This shift in work environments, while beneficial in some ways, has created new vulnerabilities as remote workers are increasingly targeted by cybercriminals. According to a study by Barracuda Networks, 46% of businesses experienced a cybersecurity incident within the first two months of shifting to remote work.

With increased online shopping and the rise in remote work, it is paramount that business owners give their employees the skills to avoid cybercrime. To protect your business during this high-risk time, here are five easy ways to improve your employees’ cybersecurity around the holidays.

1: Improve employee cybersecurity by educating employees on how to protect card data

When it comes to employee cybersecurity, knowing how scammers try to steal your information is half the battle. Online criminals often use a tactic known as phishing in which they create fraudulent websites, emails or text messages to steal credit card details or login credentials. According to the Federal Trade Commission, the most effective way to avoid falling victim to these scams is to recognize potential phishing attempts and avoid suspicious links or attachments.

Encourage employees to only use trusted websites when making purchases, to ensure that the site URLs begin with “https” for secure transactions and to never provide personal or financial information through text or email. Training seminars on recognizing phishing scams or even simple written guides on protecting payment information can help minimize the risk to both the employee and the company and support your employees’ cybersecurity.

2: Use spam filters and security software to avoid phishing scams

Phishing attempts increase during the holidays, mirroring the uptick in online shopping. So it’s critical to put proper tools in place to defend against them. Employee cybersecurity can be bolstered by using spam filters and advanced security software, which can help block malicious emails before they even reach your employees’ inboxes.

Phishing emails are designed to look legitimate, appearing as if they are from trusted sources like retailers or financial institutions, which can make them hard to spot. Spam filters and security software can help remove and flag these before they enter your inbox. Train employees to recognize common phishing techniques, such as emails from generic domains like gmail, hotmail or yahoo, that include urgent requests for sensitive information.

3: Advise your employees to use strong passwords and update them regularly.

The simplest way to protect your business from cyber threats is to enforce strong password policies for any important accounts. This strategy is also one of the most effective. Employee cybersecurity improves when employees are required to create complex passwords with at least twelve characters that include a mix of letters, numbers, and special characters.

Additionally, employees should avoid using the same passwords across multiple accounts, as one breach could leave them vulnerable to data leaks from multiple platforms. Updating these passwords regularly can help ensure the privacy of your accounts if they are ever compromised. Password managers can create, store and regularly update strong passwords for you.

4: Establish emergency response procedures in the event of an employee cybersecurity lapse

While it’s important to focus on prevention, these measures may not cover everything and businesses should be prepared to act quickly if a cybersecurity breach does occur to protect employee cybersecurity.

Establishing clear emergency response procedures can help ensure that employees know exactly what to do in the event of a data breach, malware infection or other cyberattack. This should include steps such as immediately disconnecting compromised devices from the company network, contacting your IT team and standardizing protocols for recovering data. According to IBM, creating formal incident responses helped reduce breach costs by half a million US dollars on average.

Employees should check if their device seems sluggish, if their battery is draining too quickly or if their device is making strange noises. All of these factors can indicate their device’s communications are being interfered with. Taking a proactive response by having employees report any suspicious activity, even if they think it’s minor, can help prevent some cybersecurity catastrophes before they spread.

5: Upgrade your employee cybersecurity by investing in cybersecurity tools

Investing in advanced cybersecurity tools such as cyber insurance or educational tools can give your business an extra layer of protection during the holidays. To help your employees’ cybersecurity, look for tools to prioritize security and help diagnose potential email threats. Another option to consider is cyber insurance, which can cover financial losses resulting from data breaches such as legal fees, notification expenses for affected customers, system repairs and even public relations efforts to manage reputational damage.

Cybercriminals are relentlessly innovative in their pursuit of company data as cybercrime costs the world over $10 trillion. The most practical way to avoid adding to that toll is by keeping your employees educated and responsible with their computer usage.