itb-nz logo
Story image

Don't let cyber criminals take you down this holiday season

Security can become more lax in the holiday season as employees turn their attention to parties and social gatherings, and spend more time out of the office.

Dr Rajiv Shah, BAE Systems Applied Intelligence regional general manager, says, “It’s important we all enjoy the holiday season, but don’t forget that the most determined criminals are unlikely to be taking time off!"

“These days, cyber criminals will be on the lookout for every opportunity to get their hands on sensitive information, steal data, or gain access to company systems," he says.

In order to help organisations reduce the risk of a cyber attack on their key business systems during this busy time, BAE Systems Applied Intelligence has made four key recommendations.

1. Don’t talk ‘shop’ when you’re out

Social engineering, the practice of using psychological manipulation to identify vulnerabilities or obtain sensitive information, is often conducted at social events, BAE Systems says.

Conversations about customers or internal operations might give someone a reason to eavesdrop, steal a device, or trick an employee into divulging inappropriate information.

While employees might think the passer-by won’t know what they’re talking about, these days it’s surprisingly easy for someone to build up a profile of an individual from the bits of information that are out there, the company says.

As such, keep work-related conversation in the office to avoid any issues, and use the office party as a chance to switch off from talking shop, BAE Systems says.

2. Protect your data when out of the office

Whilst many people would like to leave work behind when out of the office, it’s not always possible.

Many employees need to be able to work on company data when out of the office, so employers need to accept this and have the right safeguards in place, the company says.

The first thing is to ensure everyone knows and follows basic security. Put a passcode on devices, enable auto-lock, and don’t take unnecessary risks – for instance, enourage employees not to leave laptops in their car while at a party, BAE Systems says.

BAE Systems says employers should set out a clear policy on what can and can’t be accessed on work or personal devices when out of the office.

For anything that might access sensitive data and result in that data being stored, even temporarily, on the device, ensure staff know the right way to do this, and include additional encryption for key business-related applications, the company says.

3. Review security infrastructure

An organisation’s security systems should be kept up to date at all times, says BAE Systems.

Organisations should thoroughly review these systems before the holiday period to make sure that everything is up to date and working properly.

By making sure all internal systems that are integrated with mobile devices are protected with up-to-date security barriers, the organisation can ensure it has a robust line of defence in case its employees’ devices are compromised, according to the company.

4. Practice your response to an incident

While employees may frequently partake in fire drills to practice what to do when the building goes up in flames, businesses rarely practice how it would respond to a breach of its computer systems and loss of data, BAE Systems says.

Now is a good time to make sure employers have an up to date inventory of data, where it is stored and the impact of loss, and to make sure key staff know what to do and who to call in the case of an incident – just in case the worst happens when no-one is in the office, BAE Systems says.

Download image
74% of APAC IT leaders say security culture is essential to business success
You can join these leaders in designing security awareness and training with your employees in mind.More
Story image
Pure Storage acquires Portworx for $370m, extends Kubernetes services and support
Pure Storage has signed an agreement to acquire Portworx for approximately $370 million in cash, with the aim of extending Kubernetes and containers solutions and support. This deal represents Pure Storage’s largest acquisition to date. More
Story image
Monique’s Story: From high school drop-out to Xero Software Developer
“Don’t let anyone hold you back. I didn’t even know that software development was a career option until I met someone in the industry, so asking around helps.”More
Story image
SecOps opens new Cyber Defence Operations Centre in Auckland
Privacy Commissioner John Edwards officially opened the centre this week, recognising SecOps’ efforts to provide managed security services to New Zealand businesses.More
Story image
Ericsson bolsters 5G portfolio with $1.1b Cradlepoint buyout
Ericsson will acquire Cradlepoint to create greater market share in the enterprise 5G space, boosting Ericsson’s existing 5G portfolio that includes IoT and enterprise network solutions.More
Story image
Video: 10 Minute IT Jams - Who is Globalization Partners?
Today, Techday speaks to Globalization Partners general manager for Asia-Pacific Charles Ferguson, who talks about Employer of Record technology and its strategic advantage for companies looking to expand internationally.More