According to Everywhen, the summer months present a unique combination of operational challenges that can make organisations more susceptible to fraud, phishing attacks, and business email compromise. This can happen despite there being no change to their underlying technology or cyber security systems.
With decision-makers away from the office, payment approvals delegated to colleagues, employees working remotely or from holiday locations and teams operating with reduced capacity, cyber criminals are increasingly exploiting what security professionals describe as a natural "window of opportunity".
Rather than targeting weaknesses in technology, many modern cyber-attacks rely on exploiting normal human behaviour. Criminals know that when colleagues are unavailable, verification processes are slower, familiar contacts are harder to reach and urgent requests are less likely to be challenged.
Neil D’Mello, Client Director at Everywhen, said: "Cyber criminals don't need businesses to lower their security standards during the summer; they simply need normal business routines to change. When key decision-makers are on annual leave and approval processes are delegated, attackers have a greater opportunity to exploit uncertainty.
"The majority of successful cyber fraud doesn't begin with sophisticated hacking. It begins with someone receiving what appears to be a legitimate request and making a perfectly understandable decision, based on the information available to them. Summer simply creates more of those moments."
Everywhen believes that one of the most overlooked risks comes from temporary changes to everyday business processes. Payment approvals, supplier queries and requests for access are frequently handled by colleagues covering annual leave, while out-of-office messages can unintentionally provide criminals with valuable intelligence about who is absent and who has taken over their responsibilities.
At the same time, employees are increasingly accessing company systems while travelling, using unfamiliar networks or working outside their normal routines. Although security controls remain unchanged, the volume of legitimate but unusual activity makes genuinely suspicious behaviour more difficult to identify.
The insurer believes the increased exposure is not the result of employees becoming less security conscious, but because the informal checks and conversations that often prevent fraud naturally, become less accessible during holiday periods.
Neil D’Mello added: "Preparation is far more effective than reacting, after an incident has occurred. Businesses don't need to introduce complicated new controls every summer, but they should review how critical decisions will be made while colleagues are away. Clear approval processes, simple escalation routes and ensuring employees know which controls should never be bypassed can significantly reduce the opportunity for fraudsters.
"Summer should be a time when people switch off from work, not when businesses inadvertently switch off the safeguards that protect them. A little planning before the holiday season can make a significant difference should criminals attempt to take advantage of reduced staffing levels."
|