Holiday Cyber Readiness Checklist
It’s the most wonderful time of the year…for hackers? Yes, unfortunately. The holiday season features an uptick in traffic and more distracted employees, causing cyber attacks to increase by an average of 30% for online retailers and ecommerce businesses.
So what can you do to minimize the chances that your business becomes a victim this holiday season? We put together a checklist for businesses to use to make sure their Cyber coverage is wrapped up tight.
1. Core Cyber Hygiene
All employees, including seasonal hires, completed cyber awareness training in the last 60 days.
MFA (multi-factor authentication) is enabled on all admin, POS, and payment systems.
All software and plugins (especially e-commerce or marketing tools) are updated and patched.
Backups are tested, isolated, and cannot be reached from your main network.
Passwords and credentials are stored securely (not shared via text or email).
2. Retail & Transaction Security
Web and payment portals use HTTPS and tokenized payment processing.
Fraud and chargeback thresholds are reviewed before high-volume sales.
Access for temporary or seasonal staff is limited and revoked when contracts end.
Suspicious login or transaction alerts are enabled (and routed to the right people).
Gift card and coupon systems are monitored for unusual activity.
3. Vendor & Supply Chain Controls
All third-party vendors (especially IT, logistics, and POS providers) have MFA and cyber insurance.
Vendor access is reviewed and restricted to only what’s necessary.
Incident response contacts for vendors are up to date.
A contingency plan exists if a critical vendor or system goes offline.
4. Incident Response Readiness
Incident response plan has been reviewed within the last 6 months.
Contact information for your insurer, IT provider, and legal counsel is readily available.
You’ve run at least one tabletop exercise or simulated phishing test this year.
Data breach notification templates and procedures are prepared.
5. Cyber Insurance & Risk Transfer
Current policy includes coverage for ransomware, business interruption, and social engineering.
Coverage limits reflect your peak seasonal revenue (not just annual averages).
You know your retention (deductible) and what triggers coverage.
Policy includes vendor and cloud-service incidents.
You’ve reviewed exclusions (especially around third-party platforms and payment systems).
Bonus tip
Schedule a 15-minute Cyber Coverage Audit before peak season to ensure your controls and coverage align. A quick review now can prevent a five-figure loss later.