Story image

Don't let cyber criminals take you down this holiday season

03 Dec 2015

Security can become more lax in the holiday season as employees turn their attention to parties and social gatherings, and spend more time out of the office.

Dr Rajiv Shah, BAE Systems Applied Intelligence regional general manager, says, “It’s important we all enjoy the holiday season, but don’t forget that the most determined criminals are unlikely to be taking time off!"

“These days, cyber criminals will be on the lookout for every opportunity to get their hands on sensitive information, steal data, or gain access to company systems," he says.

In order to help organisations reduce the risk of a cyber attack on their key business systems during this busy time, BAE Systems Applied Intelligence has made four key recommendations.

1. Don’t talk ‘shop’ when you’re out

Social engineering, the practice of using psychological manipulation to identify vulnerabilities or obtain sensitive information, is often conducted at social events, BAE Systems says.

Conversations about customers or internal operations might give someone a reason to eavesdrop, steal a device, or trick an employee into divulging inappropriate information.

While employees might think the passer-by won’t know what they’re talking about, these days it’s surprisingly easy for someone to build up a profile of an individual from the bits of information that are out there, the company says.

As such, keep work-related conversation in the office to avoid any issues, and use the office party as a chance to switch off from talking shop, BAE Systems says.

2. Protect your data when out of the office

Whilst many people would like to leave work behind when out of the office, it’s not always possible.

Many employees need to be able to work on company data when out of the office, so employers need to accept this and have the right safeguards in place, the company says.

The first thing is to ensure everyone knows and follows basic security. Put a passcode on devices, enable auto-lock, and don’t take unnecessary risks – for instance, enourage employees not to leave laptops in their car while at a party, BAE Systems says.

BAE Systems says employers should set out a clear policy on what can and can’t be accessed on work or personal devices when out of the office.

For anything that might access sensitive data and result in that data being stored, even temporarily, on the device, ensure staff know the right way to do this, and include additional encryption for key business-related applications, the company says.

3. Review security infrastructure

An organisation’s security systems should be kept up to date at all times, says BAE Systems.

Organisations should thoroughly review these systems before the holiday period to make sure that everything is up to date and working properly.

By making sure all internal systems that are integrated with mobile devices are protected with up-to-date security barriers, the organisation can ensure it has a robust line of defence in case its employees’ devices are compromised, according to the company.

4. Practice your response to an incident

While employees may frequently partake in fire drills to practice what to do when the building goes up in flames, businesses rarely practice how it would respond to a breach of its computer systems and loss of data, BAE Systems says.

Now is a good time to make sure employers have an up to date inventory of data, where it is stored and the impact of loss, and to make sure key staff know what to do and who to call in the case of an incident – just in case the worst happens when no-one is in the office, BAE Systems says.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.