As the large gaseous sphere more tropical nations know as ‘the sun’ continues to heat up the UK, employees in every industry are taking time off to enjoy the season.
However, when members of the often understaffed IT department head out for weeks at a time, business need to ensure that their sensitive data is protected from all kinds of threats.
Without the steady hands of seasoned IT protectors to hold down the fort, powering down all IT equipment and relying on pen, paper and stone tablets may seem like the only option. But don’t panic: there are a number of steps IT professionals can take during the summer slowdown to ensure that an organisation will remain secure, and business will go on as usual:
- Timely training: Hosting company-wide cybersecurity training sessions is critical for securing data at throughout the year. This training will be most useful for employees during the July and August timeframe, when some of the IT team is most likely to be on vacation, and when attackers know that systems may be less protected. Just over halfway through the year, employees may be getting lax in their vigilance against email phishing attacks and other threats. These sessions will remind employees of best practices when it comes to preventing scams.
- Gamify cybersecurity: Traditional approaches to protecting sensitive data involve workflows that are cumbersome and focused on ‘punishing’ the end-user. The relationship between security professional and end-user often results in negative attitudes towards one another. Consider flipping this paradigm by gamifying your cybersecurity strategy for a fun and interactive learning experience. An example of gamification is rewarding employees with digital badges for every secure behaviour they exhibit. Earning virtual rewards can foster friendly competition amongst peers. IT pros can sit back and watch them climb the leaderboards whilst improving cyber security practices across the business.
- Rely on data protection software: Sophisticated attackers cannot be defeated by antivirus software alone. Attackers are seeking sensitive data, so the software an organisation uses should prioritise protecting the crown jewels themselves, not just secure the digital walls around them. Putting in place data protection software that can fully lock-down confidential data, both structured and unstructured, is the only way to ensure that an organisation is safe while IT is away.
- Implement enforcement policies: Before heading out on holiday, ensure the organisation’s data protection software has outlined strict enforcement policies to prevent confidential data from leaving the corporate IT environment. Set the company’s policies to automatically block or encrypt sensitive data on corporate emails and files. Having these policies in place while you’re away will protect the company’s data in the event that an attacker strikes.
- Be prepared in the event your data is stolen: Despite taking all the necessary steps to prevent an intruder from gaining access to your organisation’s data, history has proven that attackers can and will get in to your network. Prepare and routinely update an incident response plan to have at the ready for your team to enact if you’re out of the office during one of these events. Immediately following a breach, the organisation should identify the information compromised, isolate the data and decide how to inform those customers impacted by the event. The next priority should be to assess any changes that need to be made to avoid similar future data breaches in the future, including thoroughly testing the protection software currently in place.
Whilst data security is essential to a business throughout the year, by following these key principles IT professionals can soak up the sun and unwind, confident in the knowledge that their company’s data is secure.
Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian
Image source: Shutterstock/Sergey Nivens