Management tips for safer cyber security for staff holidays
Considering cyber security during staff holidays, management teams always benefit from liaising with IT teams in advance of significant holiday periods when many staff travel to unfamiliar locations with unsecured networks. Coupled with the ‘bring your own device’ boom in organisations, increased risk results when staff are accessing company systems and platforms from their phones, tablets and laptops as they travel.
Here are our tips round up to help you and your teams be more mindful as you travel;
Reminding teams that software and anti-virus updates should be applied regularly is always good practice, however, before you travel it’s even more important to check you are fully updated. Be sure to only run updates when you are on secured network to protect your device and software too.
TIP – run extra team reminders for updates during holiday seasons. Running a drop in clinic for staff to get a ‘health check’ with your IT team can also be effective.
Roaming plan options have changed significantly in recent years; however, staff are often in doubt as it’s a regular occurrence that staff aren’t updated with clear information about inclusions and exclusions within their company data plan. Therefore, even when management teams know that there is sufficient roaming and data capability for international travel, staff will regularly self-elect to connect with free Wi-Fi options as they travel ‘just in case’. Free WiFi networks or hot spots are usually unsecure networks. A regular target for hackers is to set up a similar free Wi-Fi option in locations where business personnel may travel such as airports and luxury hotels. They will usually create a Wi-Fi option which is remarkably similar to the one of the premises and then enjoy accessing all information transmitted, passwords used to enter platforms and websites as holidays makers check emails, access social media accounts and surf the web.
TIP – Update your staff teams on roaming and data policy before they travel. Have secure access systems established for remote working across your team. Disable your wireless (Wi-Fi) connection when you are not actually using your device to connect to the Internet.
Shared computers enable others to access all your entered and transmitted data. Hotel and airport business lounges are hot targets for hackers who can remote access and or enable software on these machines.
TIP – Do not be tempted to use a shard computer for any work related, account-based activity (such as social media or shopping) or financial banking activities. Otherwise you may find while you are then relaxing by the pool someone is having a field day accessing your sensitive information and putting your business and or finances at risk.
Blue tooth has an abundance of uses these days. From hands -free in vehicles to activity trackers and speakers. As Blue tooth becomes used more frequently – the risk of unsecured access controls is on the rise. Once someone can connect with your blue tooth without controlled permission they can access a wide variety of information in your device which could put business confidentiality and or finances at risk. A brief interaction can also be sufficient to enable malware on a device so one fleeting moment of access can prove destructive for months to come thereafter. Incredibly senior personnel often turn to teenage children during holiday periods to get them to ‘fix’ things such as connections on their devices.
TIP – Have controlled access for blue tooth establish on all devices and run education session with your teams on the risks that ‘uncontrolled access scan has’. Do not let anyone other than a company employee access setting on a company device.
Take your own charger and never be tempted to charge via a USB port anywhere else that is not a known secure network. These are regularly used to infect devices with malware.
TIP – Issue reminders to staff to take chargers with them when they travel, and order some extra ones in anticipation for some being left behind upon staff return to keep things ticking along as normal.
Theft will happen on occasion, however, being prepared for it manages and limits the risk to your business. Training staff and sharing tips with staff at all levels, from interns to board members is prudent and specialist security advice on software can prove invaluable. The value of your data usually far outweighs the value of the device in question. You can also enable software that allows you to wipe the data from the device remotely should notification be received that the device has been compromised. In some circumstances you can add software that tracks the device and or accesses the camera so you can even see who has your device!
TIP – Limit the password attempts. Many devices have a feature where you can set it to wipe all data held on it if the password is attempted more than ten times. Enlist some security specialist consultancy to assess what’s best suited to your organisation. It’s important that software and its use also align with staff rights and legal compliance which differs across the globe.
JUST IN CASE
Not all loss is theft. Often when travelling staff members can misplace their device which is then handed in to local Police and or hotel receptions.
TIP – ‘wallpaper or screen saving can’ prove a helpful tool – have your contact details feature so even if your device is locked it’s fairly simple for someone to identify whose device it is and track you down.
TOP TIP – Back up your data before you leave!If you would like support to assess and update your current policies and procedures, our Governance, Risk Management and Compliance Consultants can swiftly help you with that. Similarly, our tech teams can support with pen testing and or smart software solutions to increase the security of your systems and data.
Accreditation such as Cyber Essentials Plus or Information Security Management Systems (ISO) such as ISO27001, can make your organisations’ security more robust. ISO27001 is a systematic approach to managing sensitive information so that it remains secure. This includes 114 security controls being established, including people, processes and IT systems by applying a risk management process.
Contact us to find out what’s best for your organisation.