Summer is just around the corner, and every cybersecurity professional I know is braced for cybercriminals to take action. The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, warns that holidays are a period of heightened threat. That can be extrapolated to any time cybercriminals think IT security teams might be lean or preoccupied, such as the summer season, when workers typically take more time off and stay out of the office for longer.
Here are four top considerations to help IT security staff manage risks — even when they're short-staffed because of holidays and vacation schedules.
1. Beware of Taking Work and Hardware on Vacation
Whether a thief acts with malicious intent or a well-intentioned passerby goes through a device to reach its owner and sees sensitive information, lost hardware can evolve from an inconvenience into a corporate reputation and compliance nightmare.
To avoid the risk of lost hardware, it's best practice for employees to leave company devices at home unless they need to work while traveling — especially when it comes to international travel. As a precaution in the event devices are lost or stolen, employees should keep any devices with company information locked. IT departments should mandate phishing-resistant multifactor authentication, require employees to change passwords at least every six months, implement stringent password requirements, or explore passwordless validation options.
2. Avoid Open Wi-Fi and Public USB Ports
While many employees are aware of the risks associated with using public Wi-Fi and charging ports, the convenience of sending a quick email from the airport or using public power outlets may be difficult to resist. It's essential to remain vigilant, because threat actors can tap into shared networks and infiltrate personal devices or corporate systems.
According to one survey, 40% of respondents had their information compromised while using public Wi-Fi. The Federal Communications Commission warns about "juice jacking," in which bad actors target travelers running low on battery power and load malware onto public USB charging stations to hack into electronic devices.
Work travel and quick check-ins while in transit make it difficult to completely avoid working in public. To avoid the security, compliance, and reputation risk of a hack, instruct employees on secure mobile working practices. Employees should use known, secure hotspots instead of connecting to public Wi-Fi. If Wi-Fi can't be avoided, they should use a virtual private network (VPN). Employees looking for a charge while on the go should only plug their chargers into AC power outlets, rather than public USB ports. This goes for company devices and personal devices that have access to company email or messaging applications, even if their primary use isn't for work.
3. Focus Security Training and Messaging About Holiday Cyber-Risks
Many cyberattacks, such as ransomware, happen on Friday afternoons, and if it's a holiday weekend, the risk is high. Threat actors rightly calculate that a distracted employee trying to wrap up their work week might inadvertently click a phishing link, or that a security team might be running with a skeleton crew because of vacation schedules. For this reason, organizations must especially fortify their defense posture and check crisis management/business continuity plans as we approach holiday weekends.
Companies should closely monitor networks and systems for suspicious activity by combining employee and AI-led strategies in order to maximize time and cost efficiency, allowing AI monitoring and data protection to fill in the gaps when IT teams are spread thin.
Security departments should also schedule security refresh trainings ahead of summer vacation season. Schedule thoughtfully to ensure employees have dedicated time to review security practices and absorb the information.
4. Now Is the Time for IT Security Teams to Mobilize
It's necessary to develop plans to accomplish the preceding three steps and also ensure business can continue when an attack inevitably does occur. A business continuity plan will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Plans should include:
- An outline of who needs to be involved and their responsibilities, with contingencies in place that account for staff vacation plans
- Detection and initial analysis of the attack
- Defining the scope of the attack
- Determining the origination of the attack (who/what/where/when)
- Determining if the attack has concluded or is ongoing
- Determining how the attack occurred
- Containing the impact and propagation of the attack
- Eradicating the malware and vulnerabilities that may have permitted its ingress and propagation
- Recovering data from hardened backups
- Responding to regulatory and/or contractual obligations as a result of the breach
Bad Actors Come Prepared, but So Can Companies
Good security people prepare well. Relationships, training, awareness, technologies and incident response playbooks all help to manage and reduce risk. While long weekends and other time off are rarely true holidays for security professionals, there are steps we can take to prepare and protect our organizations, so employees can remain vigilant while also enjoying well-deserved time off.