Employee vacations, workplace celebrations, unexpected visitors and hours and hours of online shopping loom. Time to take a pre-holiday look at your seasonal security preparations.The approaching holidays, and the joy, delights and especially the distractions that accompany them should prompt a quick review of those aspects of your security posture most likely to be affected by the holiday effect.
- Absent Employees: before the holiday travel and time-off season gets into full swing, take a look at who's going to be gone when, whether they will be accessing your systems remotely, and if not, whether their accounts and log-ons should be suspended for the duration of their vacation. Don't forget to check the employee's workspace for potential security vulnerabilities, including password and other sensitive material that's written down, USB and other easily removable devices that could contain confidential information, accounts with automated password and log-in fills (which shouldn't be permitted in the first place, frankly) left active.
- Absent-Minded Employees: As the holiday season moves into higher gear, the prospect for employee distraction grows apace. Pass the word that while seasonal cheer is a good thing, letting that cheer get in the way of standard security procedures and policies isn't. Some key reminders: don't leave computers and other devices running when away; shut all systems down, if possible, during holiday parties and gatherings; remind employees to be extra vigilant about spam and other suspect communications and Web sites, especially holiday-themed come-ons.
- Unexpected Visitors: Both unscheduled drop-ins and invited guests can pose security risks. If you're having a open house, for instance, make sure that monitors aren't showing sensitive information while guest are circulating; not a bad idea, in fact, to shut down all public are systems while guests are present, if practical. Be wary as well of visitors -- and for that matter employees -- bearing digital devices containing seasonal music or other digital diversions. Strongly suggest that such devices not be plugged into your business systems.
- Don't Let Employees Shop If Their Guard Is Dropped: Online shopping from the workplace is a fact of holiday life, and should be addressed with a) a policy that makes clear the times, if any, that online shopping is permitted via company equipment and connections, b) a triple-check of your systems' up-to-date defenses against drive-by and other malware attacks aimed at shopper, sand c) a refresher course in online shopping security for your employees. Not a bad idea to remind them that shopping by phone requires the same security vigilance as shopping from the desktop.
- Physical Security For Digital Assets: Brick and mortar thieves are out in fore during the holiday season, so it's important that you check your workplace's physical security, especially if the workplace is going to be completely closed during part or all of the holidays.
- Patches and Updates Don't Get Time Off For The Holidays: Many of the tips offered here are applicable throughout the year, not just during the holiday season. The same goes for your day-to-day security practices and policies. Patches will still need to be installed, virus definitions updated. Make sure you know who's responsible for the daily maintenance of your security posture, and have plans in place should they be away for the holidays.
A bit of preparation and reinforcement now will make your workplace -- and your employees -- more secure when the holiday season ramps up.