
While You're Out of Office, They're Just Getting Started
While you're firing up the grill or sitting in beach traffic, someone else is getting to work.
They've been planning for this. They know which businesses will be running on skeleton crews. They know which alerts will go unanswered. They know that at most small businesses, the person who handles IT is the one you call when something breaks — not someone watching a security dashboard at midnight on a Saturday.
They also know that the window between Friday afternoon and Tuesday morning is 72 hours of quiet. They've been looking forward to Memorial Day too, but not for the same reasons you have.
According to Semperis's 2025 Ransomware Holiday Risk Report, 52% of ransomware attacks hit on a holiday or weekend. That's not a coincidence. That's a strategy.
The window opens before you leave
The vulnerability doesn't start when the holiday begins. It starts when people begin mentally checking out — usually around Wednesday.
By Thursday afternoon, small shortcuts start appearing. Someone shares a login because a coworker needs quick access and there's no time to set it up properly. A vendor gets temporary credentials that nobody documents. A contractor finishes a project, but their access doesn't get removed because the person responsible is already making travel plans.
Friday is where things really slip. Sessions stay open. Laptops don't get locked. The small habits that quietly keep systems secure during a normal week — the ones nobody consciously thinks about — start to fall apart as everyone rushes to get out the door.
None of it feels reckless. It feels like a normal Friday before a long weekend.
But those decisions don't get revisited until Tuesday morning. That's a long window where no one is paying attention.
The business didn't leave for the weekend. The people did.
Who's working while you're away
In the Baltimore and DC area, this problem is amplified. Federal holidays affect entire networks of contractors, agencies, and vendors simultaneously. When the government goes quiet for three days, so does most of the support infrastructure around it.
On one side of that weekend: a criminal operation that's already done its homework. They've tested your login pages. They know your software stack. They're waiting for a quiet moment to move. Semperis found that 78% of companies reduce security staffing by at least half during weekends and holidays. Attackers know this, and they plan around it.
On the other side: who's there?
For most small businesses, the honest answer is no one. Or there's a reliable IT person you can call — but they're not watching your systems at 2 AM. They're not seeing the login attempt from an unusual location. They're not flagging the file transfer that doesn't match any normal pattern. They're waiting for you to call. And you can't call if you don't know anything is wrong.
That's the gap. Not just thinner defenses — a reactive model going up against a proactive one.
What changes when someone is actually watching
Continuous monitoring doesn't mean waiting for something to break. It means systems are flagging unusual behavior before the damage is done: a login from a location that's never been seen before, an access attempt on a system that should be idle, a data transfer that doesn't match any normal business activity.
Those alerts go to someone who knows what to do with them — not a voicemail that won't get checked until Tuesday.
It also means doing the prep work before the weekend starts. Reviewing who has access to what. Cleaning up credentials for contractors who've finished their work. Making sure nothing is left open that shouldn't be. Not because something is wrong, but because if something is, you want to know before everyone leaves — not after they come back.
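As an added illustration (not RushIT's tooling or code from this post), the three signals named above can be written as simple checks over activity records that fall between Friday afternoon and Tuesday morning. The record layout, host names, dates, and the 10x transfer threshold are all assumptions made for this sketch.

```python
from datetime import datetime

# Constructed sample activity records (not real logs):
# (timestamp, user, login country, host touched, MB sent out)
EVENTS = [
    ("2025-05-22T10:15", "alice", "US", "files01", 40),
    ("2025-05-23T16:50", "bob", "US", "files01", 15),
    ("2025-05-24T02:10", "alice", "RO", "files01", 5),
    ("2025-05-25T03:30", "bob", "US", "payroll01", 2),
    ("2025-05-25T03:45", "bob", "US", "files01", 900),
    ("2025-05-27T09:05", "alice", "US", "files01", 30),
]
QUIET_START = datetime(2025, 5, 23, 17, 0)  # Friday afternoon
QUIET_END = datetime(2025, 5, 27, 8, 0)     # Tuesday morning
IDLE_HOSTS = {"payroll01"}                  # assumed: nobody should touch this over the weekend
TRANSFER_FACTOR = 10                        # assumed: alert at 10x the user's largest normal transfer


def quiet_window_alerts(events, start, end, idle_hosts, factor):
    """Return (timestamp, user, reason) for suspicious activity inside the window."""
    seen = {}      # user -> countries already seen for that user
    baseline = {}  # user -> largest transfer seen outside the window
    alerts = []
    for ts, user, country, host, mb in sorted(events):
        if start <= datetime.fromisoformat(ts) < end:
            # Signal 1: a login location never seen before for this user
            if country not in seen.get(user, set()):
                alerts.append((ts, user, f"first login from {country}"))
            # Signal 2: access to a system that should be idle
            if host in idle_hosts:
                alerts.append((ts, user, f"access to idle host {host}"))
            # Signal 3: a transfer far outside the user's normal pattern
            if user in baseline and mb > factor * baseline[user]:
                alerts.append((ts, user, f"{mb} MB out, baseline {baseline[user]} MB"))
        else:
            # Activity outside the quiet window builds the "normal" baseline
            baseline[user] = max(baseline.get(user, 0), mb)
        seen.setdefault(user, set()).add(country)
    return alerts


if __name__ == "__main__":
    for alert in quiet_window_alerts(EVENTS, QUIET_START, QUIET_END, IDLE_HOSTS, TRANSFER_FACTOR):
        print(*alert, sep=" | ")
```

The checks only matter if the resulting alerts are routed to someone on call during the window rather than to a mailbox read on Tuesday.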
For healthcare organizations in our area, this isn't optional. HIPAA doesn't pause for Memorial Day. A breach that happens over a long weekend still carries the same reporting requirements, the same penalties, and the same patient impact as one that happens on a Tuesday.
Before the next long weekend
You may already have this covered. If someone is monitoring your systems around the clock, you're ahead of where most businesses are.
But if your model is to wait until something breaks and then make a call, the next long weekend is a good time to think about whether that's still the right approach.
At RushIT, we work with businesses across Baltimore and the DC metro area that can't afford a 72-hour gap in their security posture. That conversation is usually shorter than you'd expect.
(410) 684-4405 | crush@rushitllc.com | rushitllc.com


