The end of year holiday period is celebrated by retailers as the time when many make most – if not all – of their profit.

So it’s no coincidence that it’s also the time when cyber criminals are most active.

”Retailers always get hit this time of year,” says Rick Caccia, chief marketing officer of Exabeam, a user behavior analytics firm.

Interestingly, Enigma Software reports that he biggest single days for infections in the past two years were two weeks after Cyber Monday. Enigma believes that’s because that around then shipping for online orders begins to become a concern for shoppers, so criminals start sending bogus emails that claim to be from legitimate retailers warning of a problem with a supposed online order.

It’s too late to install new defensive products and services to boost security, or to re-architect the network so the corporate and retail sides are segregated. But there’s still enough time for CISOs to do a few things to reduce the odds of being stung. Here’s some last-minute tips:

–Already segregated the network? Great. But, warns Caccia, there can be vulnerabilities if it isn’t configured properly. “Be careful around the authentication configuration of the two networks,” he said.

–Be vigilant: Someone accessing a POS (point of sale) server from the corporate network for the first time “is a big red flag.”

–Be vilgilant: Keep an eye on what systems are being accessed by seasonal workers. They shouldn’t be near backend systems.

–Make sure in-store POS systems are locked down so seasonal workers – or quick-fingered customers – can’t get at keyboards or USB slots.

Other advice from expets:

–Now is not the time to be behind in patching.

–Warn the customer support team to watch out for callers asking for password resets without being able to answer challenge questions. Close isn’t good enough.

–Keep an eye out for fake Web sites, advertisements and apps offering discounts to your unsuspecting shoppers, warns Check Point Software.

–Don’t allow customers an unlimited number of password guesses. It could allow an attacker to make a brute force attack.