The Christmas and New Year holidays are generally regarded as a very nice time of the year. Workers depart the office, giving information security experts a chance to put their feet up. Before you take your well-deserved rest, however, make sure to take measures to protect corporate information on employees’ personal gadgets.
Sensitive information on personal gadgets
If your company operates a sound BYOD strategy and employees are aware of the potential dangers of working from personal devices, you can feel relatively safe. Otherwise, if urgent situations arise during the holiday season, requiring employees to resolve work issues away from the office or even away from home, they may cause some cybersecurity-related issues.
It is important to remember that mobile messengers are used for business at many companies. Employees store contact information for colleagues and partners in devices’ address books, as well.
Some gadgets also store voice communications. Certain smartphones have a built-in feature to automatically record telephone conversations, and owners of other devices can use third-party applications.
Cybercriminals love vacationers
A person on vacation is relaxed and doesn’t monitor things as carefully as they might otherwise, including smartphones and tablets. The risk of parting company with a favorite gadget is especially great during vacation. Most likely, a stolen or lost device will be wiped before being sold. But data-hungry thieves are out there in force, too.
Keep in mind that attackers can gain access to valuable information without having to physically remove the smartphone from the owner’s pocket. Many vacationing employees use public Wi-Fi —it’s convenient but involves greater risk; cybercriminals monitor the air and intercept data.
A trade secret in the wrong hands can be very costly. Information about potential mergers and acquisitions, business plans, financial reports, and other corporate data can be sold to competitors with major consequences for your company. But that’s only what lies on the surface.
A recording of a telephone conversation with a colleague might not reveal any official secrets, but information gleaned from it could be perfect for blackmail or attacks that involve social engineering.
Your employees’ contacts are also highly prized by phishers. A leaked address book might contain addresses that are unavailable online. Sure in the knowledge that outsiders can’t contact them, the owners of such addresses are more likely to trust incoming e-mails than are colleagues whose addresses are published, say, on the corporate website.
How to reduce the risk of leakage during holidays
It’s not feasible to try to stop employees from using personal gadgets for business. Someone will flout even the strictest ban. To protect corporate data from outsiders, we advise training employees in the basics of information security, including the use of smartphones and tablets. At the very least, send out a memo before popular vacation breaks:
- Explain that proper security measures allow them to keep personal information — correspondence, photographs, bank card details — safe from prying eyes.
- Encourage employees to learn more about simple ways to protect personal data. Stress the importance of data encryption, two-factor authentication, and strong passwords, and discuss what to do if a device ends up getting stolen.
- Educate employees about the dangers of using public Wi-Fi and how to make it more secure (for example, by using a VPN).
- Advise charging smartphones in a wall socket, not through USB.
- Explain the importance of installing a reliable antivirus solution with antitheft technology on personal mobile devices.
And don’t forget to wish everyone a happy holiday — it is the festive season after all!