Six Security Tips For The Holidays - InformationWeek
IoT
IoT
Mobile // Mobile Applications
Commentary
11/19/2010
12:06 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%
RELATED EVENTS
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Six Security Tips For The Holidays

Employee vacations, workplace celebrations, unexpected visitors and hours and hours of online shopping loom. Time to take a pre-holiday look at your seasonal security preparations.

Employee vacations, workplace celebrations, unexpected visitors and hours and hours of online shopping loom. Time to take a pre-holiday look at your seasonal security preparations.The approaching holidays, and the joy, delights and especially the distractions that accompany them should prompt a quick review of those aspects of your security posture most likely to be affected by the holiday effect.

  • Absent Employees: before the holiday travel and time-off season gets into full swing, take a look at who's going to be gone when, whether they will be accessing your systems remotely, and if not, whether their accounts and log-ons should be suspended for the duration of their vacation. Don't forget to check the employee's workspace for potential security vulnerabilities, including password and other sensitive material that's written down, USB and other easily removable devices that could contain confidential information, accounts with automated password and log-in fills (which shouldn't be permitted in the first place, frankly) left active.
  • Absent-Minded Employees: As the holiday season moves into higher gear, the prospect for employee distraction grows apace. Pass the word that while seasonal cheer is a good thing, letting that cheer get in the way of standard security procedures and policies isn't. Some key reminders: don't leave computers and other devices running when away; shut all systems down, if possible, during holiday parties and gatherings; remind employees to be extra vigilant about spam and other suspect communications and Web sites, especially holiday-themed come-ons.
  • Unexpected Visitors: Both unscheduled drop-ins and invited guests can pose security risks. If you're having a open house, for instance, make sure that monitors aren't showing sensitive information while guest are circulating; not a bad idea, in fact, to shut down all public are systems while guests are present, if practical. Be wary as well of visitors -- and for that matter employees -- bearing digital devices containing seasonal music or other digital diversions. Strongly suggest that such devices not be plugged into your business systems.
  • Don't Let Employees Shop If Their Guard Is Dropped: Online shopping from the workplace is a fact of holiday life, and should be addressed with a) a policy that makes clear the times, if any, that online shopping is permitted via company equipment and connections, b) a triple-check of your systems' up-to-date defenses against drive-by and other malware attacks aimed at shopper, sand c) a refresher course in online shopping security for your employees. Not a bad idea to remind them that shopping by phone requires the same security vigilance as shopping from the desktop.
  • Physical Security For Digital Assets: Brick and mortar thieves are out in fore during the holiday season, so it's important that you check your workplace's physical security, especially if the workplace is going to be completely closed during part or all of the holidays.
  • Patches and Updates Don't Get Time Off For The Holidays: Many of the tips offered here are applicable throughout the year, not just during the holiday season. The same goes for your day-to-day security practices and policies. Patches will still need to be installed, virus definitions updated. Make sure you know who's responsible for the daily maintenance of your security posture, and have plans in place should they be away for the holidays.

A bit of preparation and reinforcement now will make your workplace -- and your employees -- more secure when the holiday season ramps up.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll