Many organizations and their employees are taking a well-deserved break from their daily roles and routines this summer. But, while it’s a time of relaxation for many, cyber criminals can easily take advantage of this holiday period by targeting potentially vulnerable information and devices.
The reality is that cyber criminals and digital threats are always there, and they can become even more dangerous when employees are not in the office. Employees on vacation may not be using their devices, regularly checking their email, or closely monitoring their online presence.
The resulting damage can have a significant impact on an organization’s short-term revenue streams and growth potential. According to the 2020 Cost of a Data Breach Report conducted by The Ponemon Institute on behalf of IBM, the global average total cost of a data breach in 2020 rose to $3.86 million.
The good news is businesses can use security awareness training and highlighted best practices to ensure their organization’s cyber security posture is strong year-round – whether employees are at their desks, at home, or at the beach.
4 Steps Everyone Should Take Before Shutting Down for Vacation
Good security protection starts with a few key steps that everyone in the business should take before leaving for vacation.
- Change your passwords and store them in a secure location, such as a password manager application. Never write them down on paper.
- Securely store electronic documents on a protected company file sharing service or drive instead of leaving them on your workstation or laptop. Doing the latter can make it easier for someone to compromise or steal your data. Also, avoid emailing work documents to your personal email or accessing sensitive information on a non-work device.
- Shred sensitive paper documents or return them to the office instead of storing them at your vacant home.
- Enable out-of-office notifications only for internal senders. If you need to notify external senders, limit notifications to only those in your contacts. The fewer people who know that you are out of the office, the less likely it is that you will be the target of malicious activity.
Check out our strong passwords blog post for more on how you can secure your online accounts using established best practices recommended by Terranova Security in-house CISOs.
Beware of Idle Devices
Leaving endpoint computing devices (PCs, laptops, tablets, and cell phones) running and idle during vacation can be problematic.
While an idle device is less susceptible to a phishing attack requiring the user to read an email, the good news stops there. That’s because idle devices are still at risk of being compromised due to zero-day exploits or unpatched vulnerabilities.
Worse still, it may be days, weeks, or even longer before the user returns to work and realizes a cyber attack took place.
For those reasons, employers should require employees to turn off their devices before leaving for vacation. When they return, employees should make sure their system has all the latest patches and security updates installed before accessing email or browsing the Internet.
Cyber Security Best Practices for the Entire Family
Even when traveling with your family, keeping fundamental cyber security best practices in mind at all times can help everyone keep sensitive information safe. In addition to strong password creation, here are some general tips to ensure a cyber-safe vacation:
- Inspect all incoming messages and downloadable apps. Pay attention to any suspicious warning signs of possible criminal activity and always download apps or other files from reputable sources.
- Keep your device’s software updated to close security loopholes that hackers can exploit. Ensure that you’re using the latest version of all the apps you interact with on a daily or weekly basis.
- Share personal information with extreme caution, even if doing so is part of a check-in process at a hotel or restaurant. Only divulge confidential information when you’re sure of the recipient’s identity and how they will use or process your data.
For more cyber security tips the entire family can benefit from, click over to the Cyber Security Hub.
How Organizations Can Build Cyber-Secure Culture
Managers play a crucial role in making sure their businesses and employees stay safe from digital threats. They can:
- Inform employees of mandatory best practices, like the four pre-vacation checklist steps outlined earlier in this blog post.
- Establish rule application mechanisms to ensure the steps can be applied consistently across all organizational activities and departments.
- Ask employees to store devices with sensitive information in a secured location, whether in the company’s offices or in their home offices.
- Apply security patches to idle devices that are connected to the corporate network but turned off.
Finally, managers can encourage their employees to truly disconnect while they are out of the office and make the most of an uninterrupted break. The less pressured employees feel to take work on vacation, the fewer times they will feel compelled to connect to the company network using an unmanaged device over what may be an unsecured Wi-Fi network.
When working from home or on the road is unavoidable, your employees can leverage the Working From Home Kit on the Cyber Security Hub, which includes an interactive course and resources for security awareness at home.
Getting Cyber Security Buy-in from Smaller Teams
Regardless of the season, some smaller organizations may be challenged in getting staff to take cyber security seriously.
It starts with support from executive management. Have the organization’s leaders clarify that cyber security is critically important to the entire company and that every group – large or small – has a role to play. It all starts at the top.
It is also vital for staff to have at least a broad understanding of IT security, including the basics of the computing infrastructure, the systems and applications being used, the network that connects them, and the key security procedures that are in place.
Part of that understanding should include formal education and training, whether self-study or instructor-led, online or in-person. Good security awareness training, managed and implemented by a specialist, can play a key role in this effort.
Phishing Simulation: Your Cyber Security Exam Before Summer Break
Organizations should also consider phishing simulations to better understand their risk exposure to this increasingly dangerous form of cyber crime. Real-time phishing simulations can help security leaders determine which employees or users are at the highest risk of a phishing attack and better train them to recognize phishing emails, texts, or phone calls and report the attempted fraud.
Businesses should also carefully assess their exposure to other risks such as:
- Data leakage – Determine if your organization is at greater risk for unauthorized data access due to information being stored on unmanaged devices or cloud services.
- Data loss – Determine if your organization is at greater risk of losing data because it is not stored in a secure location, such as a server behind the network firewall and backed up regularly.
- Unmanaged devices – Determine if your organization is at risk of virus infections due to the use of devices that are not managed by the company’s IT staff. These include personal devices that employees connect to the corporate Wi-Fi (BYOD) or USB devices such as thumb drives.
- Unauthorized software – Determine which applications employees have access to, and whether they use software for business activities that could lead to data loss or leakage.
By implementing cyber security awareness training, using simulations to assess the organization’s cyber security risk, and following a few best practices, businesses can help keep their employees and systems safe no matter what season it is.