December 06, 2022

Holiday Data Security Tips

For many businesses the holidays are a quieter time. With more staff taking time off, companies may be operating with a skeleton team. Often, employees still working can be distracted as they look forward to the upcoming holiday season, but businesses can’t let their guard down. Hackers and other bad actors don’t take vacations and prey on companies during this more vulnerable time. Information protection practices should remain top of mind. Shred-it® has outlined a few strategies employers can implement to help protect their sensitive data and keep the holiday season merry.

Establish a clean desk policy. This policy helps ensure physical documents are shredded or contained in a secure location and that all technological devices are password protected each time an employee leaves a workspace. A clean desk policy reduces the chance of employees forgetting sensitive documents on their desks for a long period of time during the holidays. Introducing a clean desk policy early in the year helps to make it second nature by December. Another way to help protect physical documents is a policy, which encourages the shredding of all documents to help ensure confidential information doesn’t fall into the wrong hands.

Implement a fraud hotline. According to the Association of Certified Fraud Examiners’ 2022 report on occupational fraud1: 42% of all frauds were detected by tips, and more than half of all tips came from employees. Additionally, organizations with hotlines detect fraud more quickly and have lower losses than organizations without hotlines.

Create a culture of security with a comprehensive information security policy. Larger organizations should have a security committee headed by a Chief Information Security Officer. The committee can develop a robust data security policy that meets the rules and regulations for the country of operation and industry. The security committee will also determine ongoing employee training. Smaller organizations should find a trusted third-party data security partner that can help establish comprehensive digital and physical data protection policies. A security partner can also help small businesses navigate complex regulations and assist with employee training.   

Educate staff on the latest cyber scams. Businesses have good reason to worry about cyber issues during the holiday season. With an influx of holiday messaging via email and text messages, hackers can easily disguise dangerous links as discounts or simple holiday wishes, called phishing. Companies should train their staff to be wary of these messages and to verify the sender’s information before opening certain links.

Restrict access. Employees that work over the holidays may decide to work from home as opposed to an empty office. Make sure staff are only taking home the documents they need and implement a remote work policy to help ensure data is secure when working outside of the office. Employees should not be able to access more information than they need to complete their jobs.

Develop an Incident Response Plan. If a data breach occurs, companies must be ready with clear instructions on how to respond. An incident response plan is a documented, written plan for IT (Information Technology) professionals and staff, which details specific actions that will mitigate the effects of a data security issue. These plans will help save time and reduce staff stress should a data breach occur, as it keeps all personnel aware of their assigned duties. Without a plan and designated tasks, companies can risk worsening the incident and damaging their reputations and budgets.

Help keep your holidays happy by downloading our infographic for holiday data security strategies.

[1] Occupational Fraud 2022: A Report to the Nations. Copyright 2022 by the Association of Certified Fraud Examiners, Inc., available at

Get the Infographic