As we all head out on upcoming holiday vacations, we run the danger of becoming a remote risk for our companies, often without being aware of it. In an era where it is increasingly difficult for workers to simply “switch off” when on vacation, the need to stay in touch with the office through mobile phones and tablets is only increasing. But this need to stay in touch is also putting critical systems at higher risk of attacks and unauthorized access, and potentially compromising companies’ sensitive information.
According to a recent survey by Ernst & Young, tablet computer use for business has more than doubled since 2011. Further, 37 percent of respondents identified careless or unaware employees as the threat that has most increased their organization’s risk exposure, with inadvertent employee data loss rising 25 percent year over year.
According to Terry Jost, Partner/Principal, Ernst & Young Advisory Services Practice, all employees can take some simple – but critical – steps to protect themselves and the enterprise against seasonal security vulnerabilities:
- Avoid posting “out of office” auto replies. These confirm that you are away and may invite mischief and hacking into your account. Instead, notify a close circle of internal and external contacts that you will be out of the office. Provide the name of an individual they can contact for matters requiring immediate attention.
- Avoid using personal accounts on public computers and terminals, including those found in cyber cafes and summer vacation rentals.
- Try not to use public websites and free Wi-Fi to access work-related e-mail and files. Instead, use your smartphone as a local wireless hub. Alternatively, subscribe to a temporary hotspot.
- Make sure that security settings are up-to-date on all of your mobile devices.
- Ensure that passwords to access the device are set.
- Avoid checking personal social media sites on company-issued laptops, tablets or phones.
- Similar to laptops and home computers, tablets should be password protected. You should enable the “Where’s my device” feature on all mobile devices and be able to deactivate devices remotely in the event of loss or theft.
- Consider leaving your mobile device at home when traveling to high-risk countries. Most companies have travel policies that may advise you to rent a temporary device if connectivity is required.
- Use complex passwords for your online accounts. Change them often and use different passwords for different sites. The average person has more than 50 online accounts so invest in a secure password manager.
- Do not disclose your travel plans on social media sites. As a rule of thumb, only post in the past tense.
Has there always been a “seasonal risk” for data theft?
While we may let our guard down during some seasons due to holiday travel and staying in remote locations, this is really more about an evolutionary risk. As the number of mobile devices in the world increases, the potential for new cyber-attacks becomes more likely, day after day, season after season. This can include new forms of malware on devices and issues facing mobile communications.
Is there one particular season or holiday that is worse than others?
Attacks could be linked to our changing patterns of increased travel during the holidays. There could be greater chances when someone can penetrate your system, or access your data as you move from location to location.
What can CSOs do to prevent laptop theft in their enterprises? You can only tell an employee so much, right?
CSOs need to keep the following in mind:
A.) It is an awareness issue. Everyone at a company has to be aware of cyber-security threats and their role in preventing them.
B.) The right tools need to be in place on your company’s mobile devices to protect the information contained on them. Laptops and such are always going to get lost. The important thing is that you encrypt the information on these devices and have the ability to remotely wipe all the information from that device once it has been confirmed as lost.
C.) You also need a mobile security management tool in place. You have to make sure you can authenticate the identity of the user of the device.
Do you see CSOs increasingly taking a role in data loss prevention, or is it primarily an HR or IT issue?
It is a CSO issue – and has been one for a long time. Attacks mostly are about data, as that is typically the format of your most valuable intellectual property, so CSOs must protect IP. CSOs also need to keep in mind that attacks also involve protecting identities.