As we all soon will head out on upcoming holiday vacations, we all run the danger of becoming a remote risk for our companies, often without being aware of it.

October 1, 2013

One Comment

As we all soon will head out on upcoming holiday vacations, we all run the danger of becoming a remote risk for our companies, often without being aware of it. In an era where it is increasingly difficult for workers to simply “switch off” when on vacation, the need to stay in touch with the office through mobile phones and tablets is only increasing. But this need to stay in touch is also putting critical systems at higher risk of attacks and unauthorized access, and potentially compromising companies’ sensitive information.

According to a recent survey by Ernst & Young, tablet computer use for business has more than doubled since 2011. Further, 37 percent of respondents identified careless or unaware employees as the threat that has most increased their organization’s risk exposure as, with inadvertent employee data loss rising 25 percent year over year.

According to Terry Jost, Partner/Principal, Ernst & Young Advisory Services Practice, all employees can take some simple – but critical – steps to protect themselves and the enterprise against seasonal security vulnerabilities:

Avoid posting “out of office” auto replies. These confirm that you are away and may invite mischief and hacking into your account. Instead, notify a close circle of internal and external contacts that you will be out of the office. Provide the name of an individual they can contact for matters requiring immediate attention.
Avoid using personal accounts on public computers and terminals, including those found in cyber cafes and summer vacation rentals.
Try not to use public websites and free Wi-Fi to access work-related e-mail and files. Instead, use your smartphone as a local wireless hub. Alternatively, subscribe to a temporary hotspot.
Make sure that security settings are up-to-date on all of your mobile devices.
Ensure that passwords to access the device are set.
Avoid checking personal social media sites on company-issued laptops, tablets or phones.
Similar to laptops and home computers, tablets should be password protected. You should enable the “Where’s my device” feature on all mobile devices and be able to deactivate devices remotely in the event of loss or theft.
Consider leaving your mobile device at home when traveling to high-risk countries. Most companies have travel policies that may advise you to rent a temporary device if connectivity is required.
Use complex passwords for your online accounts. Change them often and use different passwords for different sites. The average person has more than 50 online accounts so invest in a secure password manager.
Do not disclose your travel plans on social media sites. As a rule of thumb, only post in the past tense.

Has there always been a “seasonal risk” for data theft?

While we may let our guard down during some seasons due to holiday travel and staying in remote locations, this is really more about an evolutionary risk. As the number of mobile devices in the world increases, the potential for new cyber-attacks becomes more likely, day after day, season after season. This can include new forms of malware on devices and issues facing mobile communications.

Is there one particular season or holiday that is worse than others?

Attacks could be linked to our changing patterns of increased travel during the holidays. There could be greater chances when someone can penetrate your system, or access your data as you move from location to location.

What can CSOs do to prevent laptop theft in their enterprises? You can only tell an employee so much, right?

CSOs need to keep the following in mind:

A.) It is an awareness issue. Everyone at a company has to be aware of cyber-security threats and their role in preventing them.

B.) The right tools need to be in place on your company’s mobile devices to protect the information contained on them. Laptops and such are always going to get lost. The important thing is that you encrypt the information on these devices and have the ability to remotely wipe all the information from that device once it has been confirmed as lost.

C.) You also need a mobile security management tool in place. You have to make sure you can authenticate the identity of user of the device.

Do you see CSOs increasingly taking a role in data loss prevention, or is it primarily an HR or IT issue?

It isa CSO issue – and has been one for a long time. Attacks mostly are about data, as that is typically the format of your most valuable intellectual property, so CSOs must protect IP. CSOs also need to keep in mind that attacks also involve protecting identities.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

10 Ways to Secure Enterprise Data Over the Holiday Season

As we all soon will head out on upcoming holiday vacations, we all run the danger of becoming a remote risk for our companies, often without being aware of it.

Related Articles

Related Products

Report Abusive Comment