Or The CISO’s Guide to Enjoying Summer Holidays
The summer holidays are nearly here, and everyone across the company will be taking a well-deserved rest at some point over the summer. But wait, you really don’t want that fabulous holiday you have planned to be ruined by a cyber attack. And with 86% of security teams reporting that they have missed a holiday or weekend activity at least once due to a cyber attack, it is definitely worth taking some pre-emptive action.
Statistically, more cyber attacks take place out of hours, at weekends, and during holidays than they do in the middle of a work-week when everyone is in the office, primed and ready to handle anything that comes their way. Attackers take advantage of staff shortages, fewer checks on the perimeter, and slower response times to launch attacks and wreak maximum damage.
It’s well worth taking some time in the lead-up to the holiday to make sure that everything is as organised as it can be, and that everyone knows their roles so that everything continues to run smoothly while you are away. Here are our top tips to prepare for your holiday.
1. Create a checklist of cybersecurity tasks
Make sure you don’t forget anything – make a checklist and work through it ahead of the holiday. As a recurring theme through the rest of these tips – don’t do everything alone, enlist the help of key people across the organisation, especially those people who are going to be keeping security running while you are away.
As a plus, the remaining tips in this blog should help create the basis of this checklist.
2. Verify that your security tools are in working order
Your security is only as good as the configuration of your security tools. Misconfigurations in a security system can be exploited by attackers.
Are all security tools configured to run correctly? Just some of the main things to look at are:
- Have you recently run a test to confirm that the rules are stopping malicious behaviour? Can you run tests now before the holiday?
- Are the right addresses whitelisted (rather than blacklisted)?
- Who can add a new application/system/IP address to the network? Do they know you are away and won’t be able to provide support and whitelisting to get their new tools up and running?
- Are email filters in place and doing their thing?
- Are firewalls and perimeter security arrangements robust?
3. Are you all up to date?
Stay ahead of cyber attacks by ensuring that all systems are updated to their latest versions. This is especially important ahead of a holiday as the longer it is since the last update was released, the higher the chance an attacker will find a vulnerability to exploit.
Consider looking at:
- Any vendor release notifications you may have received and not actioned
- The versions of systems and applications in use compared to the latest versions available from the vendors
- Automated update processes to ensure updates happen in a timely manner
4. Go over network activity for the last few weeks
Many attackers are lurkers: they may send out scouts ahead of time who will sit on systems for days, weeks, or even months before they launch their attack at just the right moment (for them, not you). Take some time for a final review of all monitoring tools, double-checking that nothing suspicious is hiding somewhere inside the network.
Just some of the things you may want to look for include:
- Unusual traffic on the network (both inbound and outbound)
- Changes to account permissions
- Increases in database read volumes
- New login activity to systems from unfamiliar locations and addresses
- User activity at unusual times
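As an added example (not part of the original post), the last two checks in this list can be scripted against an exported authentication log. The log format, the sample events and the working-hours window below are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample events (assumed format): timestamp user source_ip result
SAMPLE_LOG = """\
2024-06-03T09:12:44 alice 192.0.2.10 success
2024-06-04T10:01:02 bob 192.0.2.20 success
2024-06-05T08:30:00 alice 192.0.2.10 success
2024-06-17T09:05:10 alice 192.0.2.10 success
2024-06-18T02:41:09 bob 203.0.113.77 success
2024-06-19T11:15:00 bob 203.0.113.77 failure
2024-06-20T13:00:00 carol 198.51.100.5 success
2024-06-22T14:20:31 alice 192.0.2.10 success
"""
REVIEW_FROM = datetime(2024, 6, 10)             # earlier events form the baseline
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed working hours, Mon-Fri

def parse(log):
    """Yield (timestamp, user, ip, result) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield (datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3])

def review(log, review_from):
    """Flag successful logins in the review window that come from an address
    the user has not used before, or that fall outside working hours."""
    known = defaultdict(set)  # user -> source addresses seen so far
    findings = []
    for ts, user, ip, result in sorted(parse(log)):
        if result != "success":
            continue  # only successful logins are reviewed here
        if ts >= review_from:
            if ip not in known[user]:
                findings.append((ts.isoformat(), user, ip, "unfamiliar source address"))
            if ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END):
                findings.append((ts.isoformat(), user, ip, "outside working hours"))
        known[user].add(ip)  # so each new address is reported once
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, REVIEW_FROM):
        print(*finding)
```

Accounts with no baseline at all, such as a newly created user, are reported as unfamiliar on first sight, which is usually worth a manual look before going away.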
5. Automate backups – and check they are working properly
Backups are your friend should something go wrong and systems lose data for any reason. Ahead of your holiday, take a moment to ensure:
- That your backup processes are running as they should be
- That a backup can be easily restored – now may be a good time to test it
- If you are responsible for taking a manual backup, ensure that someone else knows how to create and store the backup
6. Put that push in for MFA
MFA can significantly reduce the impact of a phishing attack, credential stuffing attack, or brute-force attack by adding an extra layer of verification to get into accounts. In addition to tightening up MFA rules and requiring employees to use it, now may be a good time to check password rules and ensure that they require users to create secure passwords.
7. Use your colleagues wisely
No security officer is an island – you can’t do everything alone, especially if you are off on holiday.
Everyone in your organisation can be a security champion – are you using them effectively? Have they carried out security training recently to remind users across the entire organisation how to stay safe? Is there time to run a quick phishing training?
8. Prime your replacements
Even though you are on holiday, your organisation is not, and neither are the cyber attackers out there.
- Have you handed security responsibilities to one or more people across the company?
- Do you have any guides in place for them to follow?
- Do the people covering for you know what to do in the event of an incident?
- If necessary, use outside support to ensure that your cybersecurity never sleeps.
9. Does your organisation have a holiday security policy?
Just like you are going on holiday, so are other employees across the organisation. And employees taking their work computers on holiday with them and losing them is a real risk and major headache.
Has your organisation created a holiday policy that sets out rules and responsibilities for employees when going abroad? Consider a guide to employees for staying safe when on holiday that includes guidance on the following:
- Restrictions on taking work devices to certain countries (or even abroad at all if appropriate)
- How to disable work applications on personal devices while away
- How to protect phones and laptops in the event they are lost or stolen, for example using remote wipe capabilities, hard disk encryption, access protections for work applications
- How to use MFA effectively, including using an MFA method that connects from a different device
Enjoy your holiday!