Lower staffing levels and guaranteed absences make the summer months a vulnerable time for businesses.
You wouldn't go on holiday without locking your front door and asking someone to feed the cat and water the plants, so don't take the chance with the security and data on company networks.
Cyber attacks, which can be devastating any time of year, are particularly hard to identify and deal with promptly during the holiday period. This means businesses are especially exposed in terms of reputation, information breach and lost revenue. The following four steps should help:
1. Try to keep up to date with patching
Don't let this vital security procedure get sloppy over the summer. Traditionally the organisations and IT administrators have been reluctant to patch regularly because of the cost and resources required to adequately test changes and prevent unforeseen outages.
There is always pressure to ensure that production servers continue to perform. But even if team members are away and you have less resource to deal with updates, vendors all have a specific day when patches are made available, so use that information.
As well as this information, pay attention to how updates are categorised in terms of severity so you’ll be to schedule and plan for the most important ones.
2. Holiday planning
You may feel like putting your feet up when the IT department is not dealing with as many internal challenges due to people being on holiday, but don't be fooled. If a cyber-threat arrives, will you have the resources to cope?
Try to ensure that people with the same skills are not off at the same time. In cyber-security terms, the holiday rota needs to be workable in the event that you end up in a disaster recovery situation. Where there are transferrable skills ensure that the people you do have are able all the systems they need to do their own job and pick up the slack for their absent co-workers where necessary.
If you work with outsourcers or third-party contractors you should also have visibility of which members of your extended team may also be unavailable.
3. Everyone's a super-user
One often over-looked aspect of security is how information is accessed inside the organisation. Take steps before you jet off to make sure people can only access the systems and data they really need. Why? Hackers thrive on harvesting small, seemingly insignificant pieces of information and putting them together.
An out of office response tells them employees are away, it often tells them who else in the organisation they work with and even what clients they deal with. Limit the potential of cyber threats to move laterally by ensuring if someone unauthorised does access the network, they can only access a limited amount of data.
4. Leave your desks tidy… and free of password post-its!
Don't hand over the keys to the kingdom – it’s holiday time when employees could potentially expose your organisation to some gaping security holes. The best case scenario is for any handover of responsibilities during holiday time to not involve major upgrades or maintenance.
If different personnel must have access to other resources by far the best way to manage them is through a privileged user management solution or at the very least password vaulting to prevent credentials being documented anywhere.
We’ve seen far too many examples in recent times of usernames and passwords emblazoned on whiteboards, noticeboards and stuck to monitors. It won’t take a complex piece of malware or a determined hacker to get access to systems if you’re essentially advertising how to get in.
When a disaster strikes, you can’t put it off until so-and-so is back from holiday. It becomes the most urgent thing on the team’s to-do list.
Therefore taking these essential steps minimises the chance that you will be caught on the back foot – which should make the summer months more relaxing for everyone.
Chris Pace, Head of Product Marketing, Wallix