The same way you prepare your business for the holiday season, you can also prepare for better risk management. Even though information security is an ongoing process, the holidays always come with their additional set of risks. Here are seven areas you can watch out for and improve on as you get ready for the holidays.
- Insider Threats
Around the holiday season hackers beef up their game with risky emails that are just waiting to be opened and distribute malware. Make sure your employees know what to look for in order to ensure they’re not opening the enterprise network to malicious intruders.
Security vulnerabilities are always lurking around, especially when a majority of businesses don’t conduct regular vulnerability assessments. If you haven’t had an assessment of your network and infrastructure’s security standing, you may want to schedule one now to avoid repercussions following a breach.
- Third-Party Partners
As the year comes to a close business partnerships are renewed and terminated. Those partners who provide you with server space and data storage are important for the continuation of your business operations, but also carry their security risks. Not to mention HIPAA audits and ensuring everyone is compliant. Make a checklist of security posture.
The implementation of innovative technology to improve work performance and speed up business processes, as well as secure the enterprise environment are a great plus. However, if not managed effectively and kept up to date, patched, and vetted; carry their own security risks. Whether you’re using technology products for security or workflow, you have to keep eyes on them from a standpoint of security. Remember, technology developers and companies, don’t always have data security in the forefront.
- InfoSec Communication
With end of the year and holiday meetings, security pros and the executive team, can take the opportunity to outline their existing security posture, as well as discuss their plans for the new year. This is also a chance for everyone to work on their communication skills. For the CIO this means trying to communicate risks in a business leadership language, and for the board and CEO to ask questions that can help them better understand IT security needs and challenges.
- Employee InfoSec habits
We recently discussed how employee information security habits requires attention. Employees continue to do things that put the corporate network, data, and infrastructure at risk. These behaviors can include using USB devices that aren’t secure, opening emails without the necessary knowledge of when not to download an attachment or accessing company data over an unsecure network, to name a few. Make a list or questionnaire to vet what your employees know about security best practices and from there plan an end of the year or new year meeting where you can address these issues with employees.
- Data Recovery/Backup
Data recovery is important year round, but winter weather has been known to be quite brutal and unexpected. This not only puts your data at a higher risk of loss, but there’s also the possibility of a complete shutdown. In addition to unexpected weather patterns, ransomware makes it even more essential for organizations to have a data backup and recovery plan. You want to be able and quickly regain access to your data, not have to wait until you make the ransom payment. Can you imagine what would happen if the data you use for your day to day operations became inaccessible? You would be stuck; your business would be stuck.
This seven item information security holiday checklist doesn’t imply that you shouldn’t implement these measures once the holidays are over, actually quite the contrary. Also, the list includes some of the things you want to watch out for to reduce your enterprise risks, but it is by far all-inclusive. The array of risk management issues organizations need to prepare for are never-ending in nature.
How is your organization preparing for the holiday season’s additional security risks?
Photo Courtesy of Carlos Amarillo