Summer! It is the favourite time of the year for many of us. Let’s be honest, the blue sky and a sunny holiday to count down to… You would roll out of bed in a good mood for less. Unfortunately, the summer also means a greater risk of cybercrime, especially for SMEs. Research shows that phishing and malware attacks increase visibly during the summer months. Our own cybersecurity experts can also attest to this unfortunate trend. Don’t get caught out this summer and watch out for these 5 security pitfalls.
1. Rush rush rush… lots of handovers, too little time!
Before you know it, the time has come. That day you have been counting down to for so long is getting closer… while you are already daydreaming about your feet in the sand, that to-do list remains very long. There is little time left for a decent handover and tasks are not completed with full attention. We often send our passwords via e-mail to the colleagues who stay behind because that is the easiest and fastest thing to do. Very dangerous! Everyone knows that you shouldn’t share passwords via e-mail (and no, not via Teams or Skype either), and yet we are often guilty of it. Don’t do it though, as hackers are often lurking and your password is worth its weight in gold. Once they have access to one system, it doesn’t take long before they are inside all systems.
Also make sure you make a good handover, especially if you deal with sensitive or personal data for your job. This way you prevent potential data breaches and mistakes while you are away, and a large load of stress upon your return.
2. Automatic or bad OOOs.
A security culprit that we may not think of so quickly is the OOO, or Out of Office message. A poorly drafted OOO can pass on sensitive information about you to anyone who mails you during your absence. Often, with the best of intentions, you put the duration of your absence, your holiday destination, and the name and number of the colleague taking over from you in your automatic message. Nothing wrong with that in itself, but keep in mind that hackers can make good use of this information. For example, they can use it for a social engineering attack such as spear phishing. This is a form of phishing where criminals target a specific individual, organisation or company. They create messages that look exactly as if they were really coming from a specific person in your organisation and then take advantage of the fact that you are not there to lure colleagues into the trap.
Furthermore, it is best to be careful with the automatic forwarding of incoming mails. If you sometimes work with personal data, this can lead to a data breach. After all, you do not want (sensitive) personal data of customers or colleagues to fall into the wrong hands (or in front of eyes that are not allowed to see this type of information).
3. Less monitoring, more freedom.
You probably know the saying: when the cat’s away, the mice will play. Fewer people in the office also means less (social) control. We then become more lax about rules and established procedures. Often this is very innocent. Just think of eating outside in the sun with colleagues while the door remains open, allowing anyone and everyone to just come in. Nevertheless, it is important to stick to these procedures. After all, they are drawn up to safeguard the safety of the company and its employees. Nothing wrong with eating outside in the sun, just don’t forget to always close the door in that case!
4. Work travels with you.
Even when we go on holiday, we sometimes take work with us. Our (professional) laptops or smartphones go abroad with us because we secretly want to be able to check our emails. You connect your device to an unsecured network and hey, a hacker is inside your company’s online infrastructure. It happens faster than you might expect. Another risk of travelling with your business technology is of course the increased risk of theft. So leave your work laptop at home for a week. Those emails can wait and your mental health will thank you later as well.
5. Use of private mail.
We all know that it is actually not allowed, but we are often guilty of forwarding professional information to our private e-mail, such as a password or a username. This way, we can easily retrieve it at home (and on holiday). Nevertheless, in doing so, you’re creating quite the risk for your organisation. For example, your personal email is beyond the control of your company’s IT department. There is no backup, no archive and there probably isn’t the same level of security measures in place. It can also pose a legal risk, since your personal mail is not stored on your employer’s servers. Even if your company has a watertight privacy policy, when you use your personal email address for professional purposes, this entire security framework falls away. Therefore, never forward things to your private email.
Privacy and cybersecurity risks will always be present. It is almost impossible to be 100% resistant to them. Still, small steps and little changes can have a huge impact. The first step often starts with awareness; make sure your employees are aware of the risks and the things that can go wrong. Many of the above-mentioned mistakes happen unconsciously or without malicious intent, and can therefore easily be prevented.
We wish you a sunny, but above all safe summer!