Go to Content

We are the flag of Portugal on the internet

Blog

Hackers don’t stay "Out of Office"
Ricardo Pires
Cybersecurity Manager at .PT
31-07-2025
Hackers don’t stay "Out of Office"
For many, summer evokes images of relaxation, beaches, and a more laid-back work pace. It’s a time when companies naturally slow down, teams take well-deserved breaks, and daily routines are replaced by leisure. However, there is one group that doesn’t understand the concept of "vacation”: cybercriminals.

On the contrary, this is precisely when malicious actors see a golden opportunity to ramp up their operations. Aware that organizational defenses may be more vulnerable, they take advantage of the absence of key personnel, reduced monitoring, and slower approval processes to launch their attacks.

Summer: Peak Season for Cybercrime

Reports and alerts issued by leading organizations, such as the CNCS (National Cybersecurity Center), CERT.PT, and ENISA (European Union Agency for Cybersecurity), confirm a worrying trend: a noticeable increase in cyberattacks during the summer months. More aggressive phishing campaigns, ransomware infections, and the exploitation of systems with known vulnerabilities are some of the most common tactics.

This pattern, which repeats annually, demands maximum attention. It’s not uncommon for critical infrastructures to operate with reduced technical teams, for continuous system monitoring to be compromised, or for incident response to be delayed. Additionally, the "digital relaxation” environment may lead employees to make mistakes that would normally be avoided.

Best practices for a cyber secure Summer

Despite the evident risks, it’s entirely feasible to maintain a robust level of digital protection during vacation periods. Adopting a few key measures can make all the difference:

1. Strengthen Monitoring and Proactive Planning

  • Ensure the availability of a minimal but skilled incident response team.
  • Plan all necessary updates and maintenance on critical systems in advance.

2. Automate Whenever Possible

  • Implement monitoring tools and automatic alert systems for immediate detection of anomalous behavior.
  • Set automated rules for preventive actions, such as blocking unauthorized access attempts.

3. Invest in Employee Awareness

  • Intensify awareness campaigns about phishing and other social engineering techniques.
  • Reinforce best practices for using personal devices in corporate environments, especially when working remotely.

4. Establish Clear Remote Work Policies

  • Ensure secure connections through Virtual Private Networks (VPNs) and implement multi-factor authentication (MFA).
  • Restrict access to critical systems to users with a justified and real need.

5. Regularly Update Systems

  • Keep all software up to date, including firewalls, antivirus solutions, and operating systems.
  • Conduct regular checks to ensure publicly accessible servers and applications are properly secured.

Cybersecurity Doesn’t Take a Vacation

In a world increasingly dependent on digital infrastructure, protecting and ensuring the continuity of technological systems is a non-negotiable priority, regardless of the time of year. Summer may be seen as a break on the calendar, but it should never be a time to relax cybersecurity defenses.

At .PT, we work daily to ensure the national top-level domain infrastructure remains resilient and secure. We strongly encourage all organizations to adopt a proactive cybersecurity stance — even, and especially, when the apparent calm suggests that "nothing is wrong.”

Because hackers don’t go Out of Office. And your cybersecurity shouldn’t either.




Please note: the articles on this blog may not convey the opinion of .PT, but of its author.
Back to Posts