We hear a lot about data breaches and cyber crimes affecting individuals, but what about organizations? From manufacturing companies to government agencies, every sector is at risk. We look at some ways to reduce your cybersecurity risks this holiday season.
According to a recent report from the Ponemon Institute conducted on behalf of IBM, 77% of organizations don’t have a cybersecurity incident response plan applied consistently across the enterprise. An employee’s actions—either accidental or intentional—could jeopardize your entire organization this holiday season.
Top holiday cybersecurity risks for organizations
Holiday shopping on company time
According to the Morphisec: Holiday Impact on Enterprise Security Survey, nearly half of professionals will use a work-issued computer or mobile device for online shopping or gift searching.
That means that while employees are crossing names off their lists, they could be exposing the organization to cyber criminals on the lookout for phishing, ransomware, or credit card fraud targets.
The internet of (potentially unsafe) things
There have been a number of news stories about internet of things (IoT) devices being compromised. Earlier this year, Google issued a warning after some Nest camera interceptions, including a hacker who peered into a baby’s room and another who swore through the camera’s microphone into a family’s living room.
Organizations also use connected technology to do things like tracking products through the supply chain, remotely monitoring premises, and even making coffee. Adding another level of complexity is employees who bring IoT gifts into work, whether it’s a fitness tracker or a gaming system.
Despite the growing risks, only 9% of companies said their organizations currently inform and educate employees and third parties about the dangers created by IoT devices.
“Just one bad actor who gains access to a temporary user account with network privileges can cause serious damage.”
Seasonal employees with year-round access
Many organizations hire temporary seasonal employees to help deliver products and services during busy times. However, if you’re not properly managing the data after these short-term employees leave, it can pose a huge security risk.
A large company could have thousands of user accounts granting all sorts of permissions and privileges, making it a huge challenge to manage access life cycles. Just one bad actor who gains access to a temporary user account with network privileges can cause serious damage. Or, an employee could steal critical data, or even access confidential information and systems after they’ve left the organization.
Growing third-party risk
Many organizations increasingly rely on vendors and third parties during the holidays, putting sensitive data at risk. When you’re dealing with multiple third-party vendors, the chance of employee error increases drastically. CompTIA’s International Trends in Cybersecurity research found that 52% of respondents felt cybersecurity issues were caused by human factors.
In 2017, the global shipping companies Maersk and FedEx were crippled by the NotPetya cyber attack, which led to hundreds of millions of dollars in losses. It infected computers and demanded a Bitcoin ransom to restore access to files. The attack overall resulted in billions of dollars worth of damage across Ukraine, Russia, Denmark, the UK, and the US.
How to prevent holiday cybersecurity risks
While you can’t avoid every security issue, by being proactive you’ll reduce the likelihood of a data breach or cyber attack happening to your organization this season. Here’s how:
- Provide security awareness training to employees. (Assessment questionnaires can be a great tool for managing staff education.)
- Immediately deactivate user accounts when someone leaves the organization.
- Use software like RiskBond that identifies, assesses, responds to, and monitors your enterprise risks.
- Reduce human error through better third-party risk management.
Obviously, cybersecurity isn’t a seasonal gig. But taking extra precautions during the holidays can help prevent incidents that could keep your organization from having a Happy New Year!
Third-party risk management essentials
This eBook highlights the:
- Basics of third-party risk management.
- Difference between TPRM and vendor risk management.
- Process of picking a risk management framework that best fits your organization.