SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Don't let cyber criminals take you down this holiday season
Thu, 3rd Dec 2015

Security can become more lax in the holiday season as employees turn their attention to parties and social gatherings, and spend more time out of the office.

Dr Rajiv Shah, BAE Systems Applied Intelligence regional general manager, says, “It's important we all enjoy the holiday season, but don't forget that the most determined criminals are unlikely to be taking time off!”

“These days, cyber criminals will be on the lookout for every opportunity to get their hands on sensitive information, steal data, or gain access to company systems,” he says.

In order to help organisations reduce the risk of a cyber attack on their key business systems during this busy time, BAE Systems Applied Intelligence has made four key recommendations.

1. Don't talk ‘shop’ when you're out

Social engineering, the practice of using psychological manipulation to identify vulnerabilities or obtain sensitive information, is often conducted at social events, BAE Systems says.

Conversations about customers or internal operations might give someone a reason to eavesdrop, steal a device, or trick an employee into divulging inappropriate information.

While employees might think the passer-by won't know what they're talking about, these days it's surprisingly easy for someone to build up a profile of an individual from the bits of information that are out there, the company says.

As such, keep work-related conversation in the office to avoid any issues, and use the office party as a chance to switch off from talking shop, BAE Systems says.

2. Protect your data when out of the office

Whilst many people would like to leave work behind when out of the office, it's not always possible.

Many employees need to be able to work on company data when out of the office, so employers need to accept this and have the right safeguards in place, the company says.

The first thing is to ensure everyone knows and follows basic security. Put a passcode on devices, enable auto-lock, and don't take unnecessary risks – for instance, encourage employees not to leave laptops in their car while at a party, BAE Systems says.

BAE Systems says employers should set out a clear policy on what can and can't be accessed on work or personal devices when out of the office.

For anything that might access sensitive data and result in that data being stored, even temporarily, on the device, ensure staff know the right way to do this, and include additional encryption for key business-related applications, the company says.

3. Review security infrastructure

An organisation's security systems should be kept up to date at all times, says BAE Systems.

Organisations should thoroughly review these systems before the holiday period to make sure that everything is up to date and working properly.

By making sure all internal systems that are integrated with mobile devices are protected with up-to-date security barriers, the organisation can ensure it has a robust line of defence in case its employees' devices are compromised, according to the company.

4. Practice your response to an incident

While employees may frequently partake in fire drills to practice what to do when the building goes up in flames, businesses rarely practice how they would respond to a breach of their computer systems and loss of data, BAE Systems says.

Now is a good time to make sure employers have an up-to-date inventory of data, where it is stored and the impact of loss, and to make sure key staff know what to do and who to call in the case of an incident – just in case the worst happens when no-one is in the office, BAE Systems says.