Keep Your Users and Data Cyber Secure Over the Holidays
Keep your Users and Data Cyber Secure Over the Holidays
The holidays are a time to put your feet up and relax. However, it is also an opportune time for cyber-attacks; especially when you are working remotely. As we explore below, many security habits go out the window faster than your Dry January attempt, leaving your company at risk. It’s worth noting that 80% of attacks occur from internal activity, so it’s vital that staff have received security awareness training.
Luckily, there are ways to reduce this threat, so, you can happily sit back and enjoy the holidays, knowing your business is safe and secure. Here are some tips to stay cyber-safe these holidays:
With lots of people travelling over the holiday period, one area that becomes a weakness is where colleagues choose to connect from. Often staff will work at any free Wi-Fi spots they can find, including hotels, cafes, supermarkets and shops.
Nearly one third of employees (31%) use free Wi-Fi hotspots, and nearly a quarter (24%) use them for work-related emails and documents. However, the use of rogue Wi-Fi in public areas, mimicking legitimate Wi-Fi is increasing and pose a significant risk to data and privacy.
If you are travelling over the holiday period and working, never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re away. If you keep sensitive information on a USB or external hard drive, make sure it is encrypted and lock it up as well.
Employees should also be aware of the risk of snooping and eavesdropping, not just online, but from other people in the vicinity. Can someone see and potentially grab a discreet photo of company sensitive information while they work in a public space?
Timico Top Tip: Look to encrypt and protect traffic at source by using a VPN or a Cloud based security suite that will protect endpoints. Until then, when using public Wi-Fi be careful of what you do. Don’t pay bills, do online banking or access other sensitive data. Yes, that includes e-mail and social media, like Facebook, which can sometimes share sensitive info. Only use public Wi-Fi to surf the web.
Unless you empower users with secure systems such as VDI, then using shared, public or friends’ computers can be risky and shouldn’t be used for any business purposes (we’d also advise not to use personal accounts with sensitive information especially financial data!). With an unknown security posture, these devices can be easily infected with malware which will leak any personal information used on the system and gain access to your data, which is usually used for exploitation.
Timico Top Tip: Send out a reminder to all staff to use safe connections, regularly change their passwords and don’t leave their devices open in public places. Don’t be tempted to log in to any work platforms from public internet cafes, or anywhere you may find a lone computer not certified by your company, without a VPN.
Password Security Policies
With the most common passwords still being ‘123456’ and ‘Password’ it’s easy to see why the number of detected credential brute force attacks increased 400% last year. The number of users that regularly cycle through simple passwords that can usually be identified with a little effort or social engineering is scary.
Once your credentials have been taken, it takes on average 85 days to detect a breach. That’s a lot of time for someone to harvest data or try identifying higher value targets in your environment.
Timico Top Tip: Implementing a password policy is very straight forward, especially with the use of free guidance from the National Cyber Security Centre (NCSC). Teach your employees how to create secure passwords. Using phrases help create complex passwords and that can be made easier by doing things like recommending the use of song lyrics to generate passwords. Well, I wish it could be Christmas every day!
Protecting devices with security software
Any devices that are owned by your organisation should be properly protected. It’s also in your interest to help your staff protect any device used for BYOD or remote working.
There are a number of options available to companies to help protect endpoints from the various attack methods that afflict modern computing. Some of these are, antivirus for the obvious, web filtering to protect from malicious sites and malware, firewalls to prevent direct attack across networks like public WiFi and device encryption.
This can be a difficult area to negotiate as your employee may feel this impinges on the personal use of their device. Your cyber security policies will need to address issues like these, either restricting staff from using their own devices for certain business critical activities, providing secure company owned devices, or making your cyber security protection mandatory.
Timico Top Tip: Before you go on holiday, check with your IT manager that your firewalls and antivirus software are up to date and you have encryption enabled where appropriate and ask what else you can do to protect yourself.
Cyber Awareness Training
Technology can help reduce the risk but there is nothing better than investing in people to protect your IT assets and their personal data too! There are a number of online cyber awareness training facilities available that start with the basics. Its not safe to assume anyone’s level of awareness.
Be cyber smart (and secure) by enabling your employees with training and reminders before the holidays, including providing steps for what to do should a security breach occur. Make sure you have a robust security solution for your IT networks and devices or talk to our experts about how to better protect your business, so you can sit back and enjoy your well-earned rest, worry free.
Timico Top Tip: Enroll your people in Cyber Awareness training but just before you break up for the holidays, send out a brief guide on keeping secure online.
Of course, there is an easier way to be cyber secure over the holiday period, you could allow staff to have a complete break until they’re safely using on-premise connections after the holiday!