It’s the first year of major holiday travel in the post-pandemic remote work world. Here’s what businesses can do to protect themselves from elevated holiday cybersecurity risks.
It’s late 2021, and we may not be in the post-pandemic winter wonderland we had hoped for, but holiday travel still isn’t off the table in the same way it was last year. That said, while most of us are gearing up to see loved ones long absent, IT security teams may be feeling a bit more pressured: This is the first year wide scale remote work policies will be tested by the madness of holiday travel.
The rapid shift to remote work triggered by COVID-19 has largely been a success, but that doesn’t mean workers haven’t picked up bad habits, some of which can be cybersecurity risks for their employers. “Remote work has only increased [cybersecurity] risk. Employees routinely use home networks and personal devices, and physical separation from colleagues means employees are prone to make snap decisions on their own,” said Gartner research director William Candrick.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
We’re living through some interesting times right now, and the chaos that comes with interesting times is just what cybercriminals like to thrive in. Toss in a bunch of people traveling with company hardware, or personal hardware that is used for work, and you have a situation that’s even more interesting than usual.
If businesses are going to stay safe this holiday season, it’s essential that they take precautions like those recommended by Candrick and Forrester principal analyst for security and risk, Heidi Shey.
2021 holiday season out-of-office security strategies
With everyone away, it’s important to keep your data and data center (virtual or physical) locked up tighter than Santa’s workshop in crunch mode. That said, most cybersecurity professionals have been getting good practice for the previous couple of years.
“Overall, I think a key message is continued vigilance for employees working remotely and trying to work from home during this pandemic: you might be on vacation for the holidays, but fraudsters and cybercriminals are not,” said Shey.
Shey also notes that this is the time of year when phishing,
and other common fraud strategies rear up in new, holiday themed and custom-tailored approaches designed to cast as wide a net as possible during a short time period. Now is the time, Shey said, to remind employees of the types of fraud they’re likely to expect, like fake package delay notices or happy holiday emails that contain mysterious files or links the recipient is encouraged to click. “To succeed, cybercriminals need individuals to do what they ask of them. Remind employees to slow down and pause, report suspicious requests and emails to IT, and double check through other means when in doubt,” Shay said.
In addition, she said that employees should be discouraged from using business accounts to do personal business, like ordering gifts or planning holiday travel. The same goes for using business hardware to conduct personal business: The more you keep your personal computing separated from your business computing the safer both your personal and business data is.
Gartner makes a similar recommendation, along with advising businesses to “invest in security awareness programs designed to change employee behavior,” Candrick said. “A modern approach to employee awareness includes multi-channel engagement to educate employees, recurring testing to drive improvement (such as phishing simulations), incentives to reinforce good behavior (including gamification), and metrics that identify pockets of risk within the organization.”
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
Employees should generally try to stick to remote work best practices, and businesses should establish clear remote work guidelines that include what employees should and shouldn’t do with company-owned assets and accounts, and what security precautions to take while traveling.
We’re heading into more uncharted territory this holiday season, and security risks should be at the top of every business and IT leader: Remote employees will be creating even more risk as they travel to and fro, but there’s not a lot of new concerns to worry about. Consider the pandemic immersive training for what’s likely to happen this holiday season, and take proactive precautions to avoid it.