Businesses could be at risk of both physical and logical security breaches over the festive season and must take preventative action, warned Richard Moss, general manager, business continuity, security and governance practice, Asia Pacific, BT. BT is a communications solutions provider.
"Christmas is a time to relax and enjoy, but criminals do not take holidays," said Moss.
"Often over this period, there is a lower level of vigilance on many corporate networks," he added. "Businesses that let their guard down and leave networks unattended afford potential hackers longer periods of time to gain unauthorised access to IT systems without being detected," he said.
Security not just IT department's responsibility
According to Moss, security is not only the responsibility of the IT department.
Many staff work from home over the long holiday, taking laptops and IT equipment off of the premises that may have sensitive and valuable data, he pointed out.
His advice--it is important that discs are encrypted and laptop backups taken.
Here are Moss's tips to keep your business operating smoothly over the 12 days of Christmas:
1. Ensure all intruder alarms are working and activated and that the alarm company knows of the holiday date, and has an up to date list of key holders
2. Protect against fire: Take out all combustible rubbish. Safety test your Christmas lights and then turn them off while the office is shut, along with all other unnecessary electrical items, such as water heaters
3. Conduct employment checks on all contract staff and ensure that they are not allowed access to the office without supervision
4. Have all surface mail held by the post office for the holiday period
5. Give ergonomic and risk assessments to staff working from home and make sure that they have somewhere safe to secure their laptop and any sensitive papers, memory sticks and media in their home
6. Secure all home office routers with strong admin and WLAN passwords, and ensure up-to-date anti-virus software
7. Make sure that all servers have up-to-date patches
8. Check that all systems are fully backed up, with off-site backups and ensure that laptops are backed up, including any local e-mail files
9. Disable any wireless LAN access points that are not needed as these could be used to gain unauthorised access to networks and systems
10. Have all networks monitored by a third party for unusual activity which correlates the firewall and intrusion detection system logs for suspicious and unusual activity, and ensure that contact names are up to date with the provider of the service
11. Verify that any network monitoring systems are fully operational
12. Do not hold your office party on the premises, where IT equipment could be damaged
These security precautions are not for holidays only, Moss said. They should be taken seriously as a regular practice to guard your business against security breaches all the year round, he added.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.