Your employees are on vacation. Cybercriminals aren't.
A half-empty office, approvals by text, the controller at the cottage: summer is exactly the scenario attackers hope for. Here's why attacks cluster around holidays — and four simple moves before you close the laptop.
A Friday in mid-July. The office is running at half capacity: the controller is at the cottage, the operations director is back Monday, and approvals are happening by text "so we don't bother anyone." For your team, that's summer. For an attacker, it's a window of opportunity — and they know it.
The attacker's calendar
It's not just a feeling. Semperis's 2025 Ransomware Holiday Risk Report, based on a survey of 1,500 IT professionals across ten countries including Canada, found that 52% of ransomware attacks occur on a weekend or holiday — precisely when 78% of companies cut their security monitoring staff by half or more.
The textbook cases have become classics. The Kaseya attack, which paralyzed roughly 1,500 businesses at once, was launched on a Friday afternoon — July 2, 2021, right at the start of the American July 4th long weekend. Colonial Pipeline went down the day before Mother's Day. The timing is never an accident: attackers pick the exact hour when nobody is watching the screen.
Why summer makes everything worse
First, detection slows down. An intrusion at 5 p.m. on a Friday has the whole weekend — sometimes the entire construction holiday — to spread, encrypt and exfiltrate before anyone notices a thing.
Second, processes degrade. The normal approval workflow gets skipped: "Can you send the wire? I'll confirm by text." That's exactly the breeding ground for CEO fraud, which spikes during vacation periods — we're dedicating our next article to it.
Then there are the overly chatty auto-replies. "Away until July 28. For urgent matters, contact Julie Tremblay at 514..." To a fraudster, that's an org chart and a firing window served on a platter: they know who's gone, until when, and who to target in their absence.
And finally, beach-mode work: hotel Wi-Fi, the family tablet, a personal phone syncing company email — so many doors that sit outside your usual protections. That's precisely the scenario the Zero Trust approach was designed for: never assuming a device or a network can be trusted.
Four moves before you close the laptop
One, multi-factor authentication everywhere, no exceptions. It's the measure that blocks the most intrusions for the least effort, and it works while you sleep.
Two, monitoring that doesn't take time off. Saturday-night security alerts can't wait until everyone's back from vacation: detection and response need to run 24/7, in-house or through a partner.
Three, payment rules that survive absences. No unusual wire transfer, no banking detail change without a voice callback to a number you already know — even, and especially, if the request comes "from the president, who's travelling."
Four, low-profile absences. A minimal auto-reply, without precise dates or a detailed chain of replacements, and a clear internal emergency contact: everyone should know who to call if something feels off on a Saturday at 11 p.m. And if an employee is leaving for good rather than for vacation, that's a whole different procedure .
The bottom line
Vacations are sacred — and they should stay that way. The right question isn't "can my team unplug?" but "who's watching while they do?" At MMO Techno, monitoring, detection and response run 24 hours a day, 365 days a year — including during the construction holiday.
This summer, if a security alert goes off on a Saturday at 11 p.m., who at your company will see it?