For many employees, the approaching holiday season means Christmas parties, social gatherings, and spending more time out of the office than usual. It also means fewer people are paying attention to office, device, and online security.
Dr Rajiv Shah, regional general manager, BAE Systems Applied Intelligence, said, “It’s important we all enjoy the holiday season, but don’t forget that the most determined criminals are unlikely to be taking time off! These days, cyber criminals will be on the lookout for every opportunity to get their hands on sensitive information, steal data, or gain access to company systems.”
BAE Systems Applied Intelligence recommends four key steps organisations can take to reduce the risk of a cyber attack on their key business systems during the holiday season:
1. Don’t talk ‘shop’ in the pub
Social engineering, the practice of using psychological manipulation to identify vulnerabilities or obtain sensitive information, is often conducted at social events.
Conversations about customers or internal operations might give someone a reason to eavesdrop, steal a device, or trick an employee into divulging inappropriate information. You might think the passer-by won’t know what you are talking about, but these days it’s surprisingly easy for someone to build up a profile of an individual from the bits of information that are out there.
Keep work-related conversation in the office to avoid any issues, and use the office party as a chance to switch off from talking shop.
2. Protect your data when out of the office
Whilst many of us would like to leave work behind when we leave the office, it’s not always possible. Many employees need to be able to work on company data when out of the office, so you need to accept this and have the right safeguards in place. The first thing is to ensure everyone knows and follows basic security – put a passcode on the device, enable auto-lock, and don’t take unnecessary risks – do you really need to leave your laptop in your car while you’re out at a party?
Set out a clear policy on what can and can’t be accessed on work or personal devices when out of the office. For anything that might access sensitive data and result in that data being stored, even temporarily, on the device, ensure staff know the right way to do this, and include additional encryption for key business-related applications.
3. Review security infrastructure
An organisation’s security systems should be kept up to date at all times. Organisations should thoroughly review these systems before the holiday period to make sure that everything is up to date and working properly. By making sure all internal systems that are integrated with mobile devices are protected with up-to-date security barriers, the organisation can ensure it has a robust line of defence in case its employees’ devices are compromised.
4. Practice your response to an incident
We are all used to regular fire drills to practice what to do when the building goes up in flames – but has your business ever practiced how it would respond to a breach of its computer systems and loss of data? Now is a good time to make sure you have an up-to-date inventory of your data, where it is stored, and the impact of loss, and to make sure key staff know what to do and who to call in the case of an incident – just in case the worst happens when no-one is in the office.