Even for companies that don’t normally allow users to work from home, the holidays practically beg for remote work...and plenty of security threats.
Earlier this week, Fortinet published a blog and infographic on ways to secure your holiday shopping. Black Friday and Cyber Monday are nearly upon us, after all, and if 2014 has taught us nothing else, it’s that retailers are vulnerable to attacks and data breaches. But holiday security concerns aren’t just about consumers, credit cards, and spending money on dodgy websites. How many of us will be escaping family gatherings to squeeze in a bit of work (“Golly, Aunt Edna, I’d love to hear more about your arthritis, but I have to go check in with work...No Thanksgiving over in Japan!”)? A plate of leftovers in one hand, laptop in the other, and a peaceful bedroom at Grandma’s house sounds like a darned fine Thanksgiving to me.
Even organizations that don’t normally allow users to work from home will see spikes in remote access over the holidays. Some folks might actually even be working instead of just staring at their laptops in a tryptophan coma (as an aside, check out this interesting article on the truth about tryptophan). The same can be said about summer vacations - for better or worse, many of us simply can’t shut down for a long weekend with the in-laws or two weeks at Disneyworld. And here in New England, with as much as a foot of snow on the way today, the season of weather-related closures and absences is upon us.
What all of this means is that companies need to be prepared to securely facilitate remote work, regardless of their policies. At the same time, employees need to be cognizant of the risks inherent in jumping onto Grandpa’s computer for a bit of work or sneaking off to the local pub for a few beers and free WiFi. I touched on this earlier this month when I wrote about securing the home office, but holidays and vacations tend to introduce far less controlled environments than dedicated home offices often entail.
When was the last time Uncle Bob updated his antivirus software? And is that Windows 98 he’s using? Aunt Joan might make a great pumpkin pie, but how secure is her wireless network? What will you be bringing back to the office Monday on that USB stick you worked from on your nephew’s laptop? And just what were you thinking logging into your email on that public kiosk while you waited for your delayed flight?
There are two sides to keeping users and their respective organizations safe when the call of the office is too strong over the holidays. The first lies with the business itself. Implementing a VPN goes a long way towards ensuring that employees accessing corporate networks from public hotspots aren’t spewing out usernames and passwords to anyone who might be sniffing around. Managing mobile devices and rolling out strong antivirus on both clients and the networks also provides important layers of protection, whether users are at Grandma’s or they’ve just come back to the office from vacation. Even encouraging (and/or subsidizing) the use of personal 3G/4G hotspots offers much greater security than using public WiFi, shared computers, and other uncontrolled environments.
The second lies with the users. Common sense often goes by the wayside after three helpings of turkey, a few glasses of wine, and half a pumpkin pie, but protecting an organization’s digital assets is very much a shared responsibility. USB sticks aren’t your friends. Ever. Avoid using public computers or those shared with your nephew at all costs -- Laptops are light and cheap and your employer has business-grade file sync and share, right? Right? Retailers are practically giving away tablets right now, making it relatively easy to bring your own computing power with you. And if you don’t have your own 3G/4G connection to the Internet, it’s probably time for a conversation with IT about VPNs.
If you’re in the US, enjoy the holiday and stay safe (both in terms of security and otherwise). If it doesn’t happen to be a major holiday where you are, well, chances are we’ll at least be checking our email, hopefully on a properly managed smartphone.