Spring and summer months signal a time for many to press pause on hectic schedules and enjoy a week of vacation. But with the office in the rear view, basic cybersecurity processes and procedures still need to remain priorities. The reason is simple. You might be getting much-needed R&R in Florida, but the bad guys are not. Cybercrime — one of the biggest threats to the U.S. — costs businesses up to $400 billion a year. Attackers are a determined bunch, constantly refining their methods to gain access to and steal sensitive information, identities, intellectual property and more.
And as the network perimeter expands, the attack surface expands with it. According to a Tech Pro Research survey, the bring your own device (BYOD) movement is booming, with 74 percent of organizations either already using or planning to allow employees to bring their own devices to work. Beyond BYOD, other common behaviors of the mobile workforce, like storing sensitive data in the cloud and connecting to the corporate network via public Wi-Fi, create endless entry points for cyber attacks.
In this slideshow, Blue Coat has identified five steps organizations can take to maintain a solid security posture, even while employees are on vacation.
A Solid Cybersecurity Plan
Click through for five steps organizations can take to maintain a solid security posture, even while employees are on vacation, as identified by Blue Coat.
Block the Riskiest TLDs
Businesses should be aware and vigilant about the online neighborhoods they visit. Even the “safest” TLDs are not without risk of threats from nefarious players, and it remains as critical as ever to have strong digital security protection and policies in place. Businesses should consider blocking traffic to the top five riskiest TLDs, including .work, .gq, .science, .kim and .country.
Find out more: The Web’s Shadiest Neighborhoods: What You Need to Know
Educate Your Employees
Train (or at least warn) users about the common infection vectors for the threats they’re most likely to encounter. These tips and warnings can include: don’t download apps from unofficial sources, resist the temptation to search for free/cracked versions of popular apps, don’t surf porn, and finally, don’t jailbreak a phone (i.e., don’t override the phone’s inherent security). In addition, users should be wary of connecting to free or unsecured Wi-Fi networks, and pay attention to any warnings if they do.
Establish Acceptable Use Policies
To prevent breaches from occurring, organizations should create acceptable use policies, which are meant to be internal guiding principles to regulate employee use of computers and the Internet. While these policies can vary by company, it’s important to implement company-wide standards to reduce the overall network surface area of an attack. The more freedom organizations grant their employees to select and customize operating systems, applications and computing devices, and to use the Internet, the less secure the organization’s IT infrastructure will be.
Increase Use of SSL/TLS
Breaches can’t always be prevented. The rapid adoption of cloud apps and services dramatically expands and complicates the IT environment, accelerates SSL/TLS encrypted traffic use, and expands the risk surface for attacker exploitation. Applications such as social media, file storage, search and cloud-based software increasingly use SSL/TLS as their communications foundation.
Implement Breach Detection and Analysis
It’s important to implement data breach detection and analysis. One of the most damaging factors to companies when a breach does occur is the associated financial ramifications, which directly relate to the type and amount of information exposed. Many organizations find themselves in a predicament of not knowing what was exposed, making the clean-up process more complicated. By knowing what happened, and what information was exposed, companies can save millions of dollars. Monitoring recordings and putting processes in place to track and record can help to avoid this challenge if a breach occurs.