In a couple weeks everyone will be off for the holidays–relaxing at home or traveling to spend time with family and friends. Oh, wait! Not everyone.
Even in a company where almost everyone checks out and doesn’t come back until next year, somebody has to continue to monitor and maintain network security. The challenge is to ensure your network remains protected, and to do so in a way that is fair and shares the burden across the whole IT team.
I wrote this post about how to enjoy the holidays while also making sure the network is secure:
I’m not sure why we even bother showing up to work in the month of December. The first week is spent coming down off of the Thanksgiving-gluttony food coma and frantically shopping online during work hours to find holiday gift bargains. We show up for the next two weeks because of a mandatory requirement to be physically present (even though you’ve already mentally checked out) and you’re just counting the days to the holiday break. Don’t slack off too much, though. If you really want to relax and enjoy holidays, there are a few things you need to do first.
While everyone is at home spending time with family, drinking eggnog, and opening gifts, the world does not actually stop. In fact, from a cybercriminal’s perspective this offers a prime opportunity to attack because they know that everyone is busy. There’s a good chance nobody is really paying attention to network security.
Your job is to make sure you’re not the low-hanging fruit, and that you do pay attention to network security over the holidays. You need to have a plan in place to deal with any issues that arise.
Drawing the short straw
For starters, somebody has to stand guard. Even if your employees are all at home relaxing for the holidays, someone must still keep an eye on the network, monitoring for any suspicious or malicious activity.
It would be unfair to just assign that responsibility to an employee who doesn’t celebrate Christmas, but it also makes some sense. However you choose the person to guard the network over the holidays, and be the first responder in case of any incidents, you should compensate the individual…and then some. For every day your employee has to work over a holiday break, they should receive a day-and-a-half of time off that can be used at another time.
Sharing the burden
Another approach is to spread the responsibility out so that everyone puts in some time guarding the network—and everyone also gets time off to relax and enjoy the holidays. You can just divide the number of days in the holiday break by the number of available employees and come up with some sort of system to decide who works which days. It could be better to have employees work two or three consecutive days or to set up a schedule where each person takes a turn every few days.
One common tradeoff is between Christmas Eve and Christmas Day, and New Year’s Eve and New Year’s Day. Often married workers—particularly those with children—will have Christmas Eve and Christmas Day off to spend with family, and in exchange they will work New Year’s Eve or New Year’s Day so that others who would be so inclined can go out and party.
Read the complete post on the RSA Conference blog: How to Enjoy the Holidays (While Keeping The Network Secure).