Many businesses and offices will soon look like ghost towns–well, ghost towns that are decorated for the holidays at least. With most or all of the employees home enjoying the holidays with friends and family, cybercriminals will be working overtime to access you network and data.
The doors are locked. The lights are off. All through the office not a creature is stirring, not even a mouse.
Well, one can hope at least.
In a few weeks that’s how most organizations will look. Business will all-but-cease and many employees will be home celebrating the holidays with family and friends. Hackers, cybercriminals, and malware, on the other hand, will be putting in extra hours to try and catch companies with their defenses down and no one around to stop them.
Thankfully, there are a couple things that you can do to tighten up security while the office is closed so that you can protect your data and network resources from attackers while your security staff is enjoying a well-deserved holiday vacation.
Minimize the attack landscape
There’s a simple tenet of computer and network security: If you’re not using it, don’t leave it on. For example, think of things like services and features in an operating system or drivers for devices you no longer use. This is sage advice all year long. The simple fact is that anything can be a potential attack vector, so it makes sense to leave as few opportunities as possible for cybercriminals to exploit.
When it comes to an extended office-wide shutdown, like many companies over the holidays, you can expand this philosophy across the entire infrastructure. However, most companies don’t shut down completely—there’s still some business being conducted, or at the very least there’s still a company website to maintain. Every system that isn’t actually being used, however, should be completely powered off.
Read the full story on the RSA Conference blog: Protecting a Ghost Town: How to Stay Secure When Your Staff Is on Vacation.
- Tackling Swivel Chair Syndrome - November 14, 2024
- Unlocking Proactive Compliance with Adobe’s Common Controls Framework - October 14, 2024
- Unlocking the Power of Continuous Threat Exposure Management - October 8, 2024