The security of sensitive data should be a top priority if you allow your employees to use company devices for private purposes.
School is over, and the first wave of summer leave has already partly emptied the offices. However, most summer vacations are still coming up in July and August. Nowadays, many employees tend to take care of some business while on holiday as well. So, how can we ensure the security and integrity of sensitive data transmitted over numerous networks all over the world?
In this blog post, we will focus on three elements of (cyber) security to ensure that sensitive data stays in place and is not compromised in any way while you are away for the summer.
Why is the security of sensitive data put to the test in the summer?
Simply because you relax and put your brains at rest. You are less likely to use PCs, while you spend more time using your smartphone, where the sense of commitment to data protection is weaker. You spend more time browsing social networks, where you are also more active in writing comments and participating in various prize draws and games. Among all the legitimate posts, a well-set trap can be quickly overlooked.
At the business level, cybersecurity is at stake in the summer due to the often reduced staffing in security operations centres (SOCs). Fewer experts in the SOC result in a higher probability of a successful cyber-attack. Attackers are aware of this fact, and according to some reports*, the number of attempted cyber-attacks is highest in the summer months. Hackers try to gain entry to the corporate network by spear phishing, targeting employees with content related to the absence of their managers; e.g. “a manager” asking an employee to make an urgent purchase in an online store.
Review controls and remind employees of security policies
In business environments, we need to ensure sustainable cyber security at two levels: for “normal” users, where ongoing security awareness training is necessary, and in the IT department or the response centre (SOC).
Given that IT departments and SOCs are short on staff during the summer, as mentioned above, it is reasonable to review the existing controls and security measures. This will allow the colleagues covering for the primary team to react more quickly and be alert when alarms are raised.
Furthermore, make sure that users are aware of current security policies, both in terms of appropriate arrangements for securing the physical workplace and for using mobile devices and accessing corporate data from remote locations.
In the last two years, many companies have embraced remote working and set rules on the use of business and personal devices for business purposes. This has certainly improved the security of sensitive data. However, we perceive the use of these devices differently when we are working at home than when we are at the seaside, casually checking our work email while chatting on the beach.
A clean desk policy is a basic hygiene measure
An essential hygiene precaution before you leave for vacation is to tidy up your workplace. Ideally, there is nothing on your desk except your PC, which should be completely shut down (not sleeping or hibernating). If you cannot put all your documentation in cupboards or drawers, make sure that at least sensitive information is not left on your desk. This way, passers-by or potential attackers do not even have a reason to spy around your desk.
It is also a good idea to back up your (work) computer before you go on holiday. Be careful about what you back up. It is often the case that employees keep private data (either documents or photos) on company devices, and such data should not be stored in the business backup. Transfer such documents to a private cloud (e.g., Google Drive or private MS OneDrive) or store them on external storage media.
Put your brain at rest while you keep your devices and sensitive data cyber-secure
Rule No. 1: Don’t publish on social media that you are travelling. It’s perfectly normal that we like to share lovely moments with our friends online. But there’s also nothing wrong with posting photos from your travels when you return home. The information about our absence can be exploited by cybercriminals who use it for spear phishing, as well as by burglars who can take advantage of our absence.
Rule No. 2: Turn off automatic connection to wireless and Bluetooth networks on mobile devices. Avoid connecting to open wireless networks, as a hacker can connect to such networks just like you do and may remain hidden, intercepting traffic or spoofing the sites you visit. If you have no choice but to use an open wireless network, try at least to use a VPN connection, which encrypts traffic and does a good job of keeping your data secure once you have established a secure connection. However, there is still a time frame between connecting to an open network and establishing a VPN connection when an attacker can intercept your traffic and capture a password. So make sure you are connected to a closed, password-protected network or use a mobile hotspot, which is considered a secure connection for the time being.
Rule No. 3: Make sure your apps and browsers are always up to date. Regularly updating your software can reduce the chances of attacks to a relatively large extent, as patches also address security flaws. Be careful when installing new applications, and always check that an application is trusted before installing it. Install apps from official online stores (e.g., Google Play, App Store) and not from websites.
By following these tips, you will enjoy a cyber-secure vacation and preserve the integrity and security of your sensitive data.
Since users are the most vulnerable part of IT systems, regular security awareness training is crucial for a stable security posture.
Simulated phishing attacks are an effective way to train employees to identify phishing attacks and malicious links.
Take advantage of free tools to test how social engineering simulation attacks work and how they can help you improve your cybersecurity posture.…
* Source: Hudson Reporter