In the lead-up to the Easter long weekend, many small business owners are thinking about how to manage the challenges of the upcoming break. Some are shutting down for a few days, some are looking at staffing levels and costs across the four days, others are trying to strike the perfect balance between staying open and managing those labour costs. It’s a busy time of year, which is why there’s a strong chance that you haven’t prioritised information security.
Human error, or rather human decision-making, is responsible for many different types of information security breaches. The thing about going on holiday or having a skeleton crew of staff is that everyone’s a little (or a lot) more stressed and distracted. And that’s when things go wrong.
You run a busy online store, and you’ve decided to close down the office for the long weekend and give your small team all four days off. But you’ve got queries and orders coming in from overseas. You decide to take your laptop with you, and answer the most urgent ones for a couple of hours a day while you’re down the coast. One day, after a long heavy lunch, an email comes through that looks like it’s from a big client. The sender name is right, but because you’re not on the ball, you don’t check the address it’s come from before opening the attachment – and suddenly, you’re locked out of your emails altogether by a piece of ransomware.
This is just one scenario where a holiday-induced lack of vigilance can have an impact. There are others: if you have internet-connected automation at your premises, it could be controlled remotely if a responsible staff member’s device (smart phone, tablet etc.) were to fall into the wrong hands. Or it could be something as simple as a smart phone, taken on holiday, with sensitive information stored in the email app.
The point is this: it’s important to be aware of how your organisation’s information security vigilance wanes at certain times of the year. Have policies in place to make sure that people can relax without taking unnecessary risks. And make sure that staff at all levels know what those risks are.
To start improving your security culture from the inside out, check out our back-to-basics unit, Introduction to Information Security. It’s comprehensive without being overwhelming, it’s all online (so it’s flexible), and it’s easy to follow for learners of all ages and ability levels.