Sun, sand and security – Lessons learned about keeping secure on the summer break

By Dr. Guy Bunker @guybunker

Sun, sand and security

Are you one of the large group of people who ended up working during your summer holiday? Or are you perhaps still planning to jet off somewhere and considering to pack your work phone?

It’s a fact (like it or loathe it) that many of us tend to keep in touch with work while we’re off – even if we are just checking in on our e-mails – but this does pose big potential security risks, especially while we are in “holiday mode”.

Here are my dos and don’ts of working while on holiday (if you have to…):

  • Email and messaging
    Sending work-related stuff to the wrong person can be a little embarrassing… but hey, it was after a glass of rosé. So before you go away, remember to remove any personal contacts from the “quick complete” email address lists, so that critical company information doesn’t accidentally end up with your friends and cause a data leak nightmare for the CEO – all while you’re out-of-office.
  • BYOD data security policies
    Ensuring that company policies on BYOD data security are up to date is especially important before the summer holiday period. An astonishing 47% of UK adults use their personal smartphone, laptop or tablet for work purposes and 90% of those polled for the VAIO Digital Business 2013 report have accessed company data from a personal device. Be vigilant!
  • Awareness and knowledge
    It’s essential to regularly remind employees of the reasons behind your security policies and the consequences of not protecting your information properly. A quick policy reminder can avoid all sorts of problems – including the costly and reputational damage to the company that a data leak can create. Remember that human error is still the most dangerous cyber security risk for organisations.

On the flipside, for those that are still in the office, we must remember that the holiday season is a great time for cyber hackers wanting to take advantage of the “quiet” time - where the staff count is lower than normal and security policies may not be being enforced at the usual optimum levels. In the US, both Target and Neiman Marcus were hit over the holiday period last year. Holiday time represents a perfect time for hackers to strike. Cyber-attacks don’t take the holidays off!

Technology moves as fast as the threats, and a better understanding of the critical information your organization holds, coupled with visibility of who has access and how, is often the real key to putting appropriate and cost effective security measures in place. It’s not enough to think about “if” scenarios – it’s a matter of “when”. Organizations need to be prepared for cyber-attacks at any level and at any time.

If you’re not continuously reviewing and evolving your information governance policy, you remain vulnerable. Each day brings a new risk and will continue to do so. We increasingly rely on technology and there’s a widening knowledge gap between those who know how the technology works and those who simply use it. It’s the responsibility of the organization to educate its people on best practice. This is a continuous process and it’s essential to be vigilant. A simple and timely check of all security processes can help organizations to protect their critical information, during the holidays and at all other times.