Staying Secure Over the Holiday Period

22 December 2025

The Christmas period is one of the busiest times of year for cyber criminals. Offices are quieter, decision makers may be away, and normal routines are often disrupted. Unfortunately, this creates ideal conditions for phishing emails, payment fraud, and account compromises.

For financial organisations, even a small mistake can have serious consequences. FCA guidance is clear that firms must take reasonable steps to protect client data and prevent financial crime at all times, including during holiday periods.

Key risks we see over Christmas:

• Fake emails pretending to be suppliers, banks, or senior colleagues asking for urgent action.

• Requests to change bank details or make last minute payments.

• Staff working remotely without the usual checks and balances.

What we recommend:

• Slow down when reading emails that feel urgent or emotional. Criminals rely on pressure.

• Check the sender address carefully, not just the display name.

• Never click links or open attachments unless you are confident they are genuine.

• Lock your screen whenever you step away, even when working from home.

• Avoid public Wi-Fi for work systems. If you must use it, always connect through your company VPN.

These controls support FCA expectations around operational resilience and systems and controls.

If you are unsure about an email or request, contact Maple before taking action. We would always rather check something harmless than respond to an incident later.

How Maple can help

Maple supports financial firms with day to day security monitoring, staff awareness guidance, and rapid incident response. If you would like reassurance that your controls are appropriate for the holiday period, speak to the Maple team.

Helpful links:

• National Cyber Security Centre small business guidance: https://www.ncsc.gov.uk/collection/small-business-guide

• How to recognise phishing emails: https://www.ncsc.gov.uk/guidance/phishing