Suntan lotion, beach towel, and IT security
It’s that time of year again when people’s thoughts drift from the work-related tasks at hand and turn to beach-filled days, BBQs in the backyard, time at the cottage, or enjoying a local craft IPA at the 19th hole (my personal favorite). However, cutting loose and forgetting about work in this age of 24/7 connectivity isn’t the reality it used to be.
Though summer may be here and vacation days just around the corner, the need for reviewing your IT security infrastructure and policies is as important now as it is all year—in fact, possibly more.
As people leave on vacation, the leash that is modern mobility is firmly attached, meaning that people’s access to corporate IT infrastructure doesn’t change. However, what needs to be addressed is the situational aspect of how they connect, where they connect, and what they might lose.
First, there’s connectivity. Not unlike traveling south in the winter months, traveling to vacation destinations in the summer offers up the same IT security risks. Shoddy, unsecured WiFi at hotels, Airbnb, restaurants, and more—these unsecured connections present potential risks to your network and entry points into your corporate files.
Then there’s the lost physical IT assets. Whether it’s a beach, restaurant, a mid-day visit to the hotel bar that turns into a 6-hour event (don’t judge me … I’m on vacation), in transit, or a tourist site—accidentally leaving your phone somewhere or forgetting your bag with your laptop can happen to anyone.
So, what do IT departments need to consider? Let’s start with the device itself. Ensure passwords are robust, mobile access for wiping content is present, geolocation tracking is implemented, and what to do and who to notify when something is lost is covered.
Next, the network perimeter should always be ready for anything. Ensuring that such things as email and other communication accounts associated with the lost device are flagged so that nothing can penetrate the proverbial fortress is as important as turning the lost asset into a useless brick—or at least a free and benign gift—for anyone who may have found the device.
Finally, make sure that your detection prowess is on full alert—not that it wouldn’t be. But at a time of year when more vulnerabilities can present themselves through seasonally lowered personal defenses (again, the bar was running a promotion so please don’t judge), make sure that all systems are updated, monitored, and ready for anything—after all, IT people go on vacation too, but who is watching the gate?
In all, the most important thing here is education. Stopping a breach before it happens is better than managing after the fact. If people are aware that WiFi is a potential danger, and that losing a device is not a fireable offense, then companies of all kinds have a better chance of mitigating risk. When people know who to call and how to shut down access through password changes, mobile device tracking, wiping, and so on, everything becomes nothing more than the price of a lost asset—far better than a breach that could cripple your brand.