The summer holidays are upon us! After months of travel restrictions and working from home, lots of people are now heading off on their holidays. In these summer months, company staffing levels are lower and that goes for ICT departments as well. For cybercriminals this presents a perfect opportunity to make their move.
While many employees take time off, cybercriminals simply continue to ‘work’ as normal throughout the summer months. They can strike at any time, whenever they see and get an opportunity. Summer is the time when ICT and security departments have fewer people available to keep watch. It is also a time when staff ‘temporarily’ take on other people’s duties and even start using each other’s logins. During the summer, therefore, there is less of a focus on cybersecurity. The question is what you as a company and an employee can do to keep cybercrime at bay this summer? The answer is all kinds of things!
With fairly simple measures, and conscious thinking and actions, you can reduce the risk of cyberincidents during the summer because you can prepare for digital risks and dangers just as you would prepare for a holiday. It all starts with the cybersecurity basics, in other words, practical measures and clear agreements.
The following are a number of tips to increase your digital security while on holiday.
- Be conscious of your actions.
Proper cybersecurity actually starts with awareness. You need to know what information you are sharing and with whom. That post on Instagram of a beautiful sunset, a clear blue sea, or a charming restaurant is great for the family but it is all too easy to share this holiday information unintentionally or inadvertently with third parties. - Choose your location carefully.
If you have to do work while on holiday, think carefully about where you are going to do it. A view of the Eiffel Tower is lovely, but you will be taking an unnecessary risk if lots of people are passing by behind you and can see what you are doing on your screen. So make sure you choose a location where you can, for example, sit with your back to a wall to prevent people from passing by behind you. It is also a good idea to close your screen if you start a conversation with someone. - Goodbye Wi-Fi, hello 5G.
It is important to avoid accidents when on holiday, including digital ones. However, just like any accident, cyberincidents can happen anywhere, for example on an open Wi-Fi network. Criminals also know exactly how to find these free networks and hackers can listen in on your conversations and steal lots of data as they do so. Alternatively they will set up a Wi-Fi point to collect data about you or the organization you work for. So a quick check of your business email at the airport can have major repercussions. It is better to use the 5G connection on your smartphone because it is much more secure. - So you think you need access to your data any time and in any place.
As a true workaholic and control freak you cannot survive without essential data on your clients, contacts and quotes, nor your email. After all, what would you do if that quote suddenly becomes an order during your holiday and you are asked to make some adjustments? Make sure that this data is (made) available securely by IT via, for example, a validated app. Mailing business data to your private email address, or taking it along on a USB stick is, in any event, not a cyber-secure option. - Always up to date.
You want to stay up to date on the latest developments, gadgets and trends to help you carry out your work. The same principle applies to your laptop or smartphone. You should make sure that your software, app and patch updates are installed as soon as they become available and should not keep putting this task off. - Know what you are installing.
There are plenty of apps in the stores to make your life easier in all kinds of ways. There are apps for filters, photo editing, meditation exercises and even campsite entertainment programs. Although they might be handy, there is often another side to this convenience in the form of inherent malware or inadvertent access to information on your smartphone. Do not therefore install apps on your smartphone without first asking yourself what they give access to. - Be vigilant when it comes to Whatsapp and text messages.
Be alert to emails and Whatsapp and text messages containing information about new COVID rules, or about paying import duties on packages. Often these will contain a link to a malicious site or application which looks entirely genuine. The whole aim of these messages is to gain access to your data. Even the best of us can be taken in because cybercriminals have become extremely sophisticated. Consequently, we cannot overstate the importance of not clicking on links in Whatsapp messages or text messages which take you to a page where you have to fill in your data or install an app. - What should you do if something still goes wrong?
If you still get into trouble while on holiday, there is really only one remedy. You have to know who within your organization to call or inform if you fall victim to, for example, phishing or another form of cybercrime. It can happen to the best of us, but a quick response is important to minimize the damage.
Unprepared and unaware
Everyone wants a carefree summer, including when it comes to cybersecurity. Above, I provided a number of tips for employees. It goes without saying, however, that employers also have to be properly prepared. It has transpired, for example, that barely 40% of organizations have a so-called cyber resilience strategy in place. In other words, more than 60% are not (sufficiently) prepared for cyberthreats. The combination of insufficient staff in the IT department and employees working remotely makes high-quality cybersecurity difficult.
Cybercriminals are quick to use information which employees share unintentionally or inadvertently, as well as any digital gateways they have left open.
What can you as an organization do?
It would appear to be a no-brainer but, as an organization, you should be thinking about cybersecurity all year round, and not just during the holiday period. Because the techniques and methods of attack used by cybercriminals are developing and changing all the time, it is almost impossible to keep up. However, there are a number of basic principles which you can use as a point of departure to at least reduce the risk of an incident.
Protocols, routines and rights
People thrive on clarity, so you should draw up a protocol of clearly-defined agreements. Include descriptions of working procedures to ensure that holiday workers and replacement staff know what their duties are and how to work correctly and securely.
Replacement staff and holiday workers are often unfamiliar with your work routines. It is therefore a good idea to give them their own accounts which only allow access to the files, folders and corporate networks they need. This will enable you to keep an eye on who has worked with which files and reduce the risk of company data leaving the company without permission.
It is also important to make clear agreements about data sharing. You do not want data to be sent via email in all instances. When having to share large files, people often resort to free cloud-based tools. Although they are quick and easy, they are not always suitable. You should clearly record agreements like these in a protocol. Another advantage of doing so is that the information will then be available for new employees when they join the company.
Make sure the ICT department takes the appropriate precautionary measures before reducing staffing levels for the summer, for example by installing application controls on all devices and using web filters to block suspicious malware websites. Another tip with regard to those employees who insist on taking their work laptops and phones on holiday with them is to make sure that all the equipment is properly coded and equipped with VPN clients.
Preparation is half the key to success
The holiday period is the ideal period for reflection and for taking time off work. If you find that difficult, or have to be reachable for your clients, it is a good idea to read through the tips relating to your own cybersecurity. Incidentally, these same tips can also be applied at other times of the year. After all, whether you are checking your email while relaxing in your hammock on the beach, or sending off a proposal from a trendy coffee bar or from a shared office environment, a large proportion of the risks remain the same. By increasing your own cybersecurity awareness and by taking a number of basic measures into account when going about your business, you can significantly reduce the risk of an incident yourself.
An even better idea is simply to leave your work behind you and enjoy your summer holiday!