How to put on a vacation

Summer is a really busy time for us. A lot of flights, trips, and then... well, vacations! For CISOs, the travel and vacation period can be a very difficult time. That’s why we implement a few strategies to ensure secure access and help employees not to forget all the IS rules while they're on the road. Let's have a look at the checklist and find out, how we do it.

1.         Make sure, that access system is configured appropriately
Appropriately means, that a particular employee should have access only to those documents, tasks and data in CRM base, which directly corresponds with his/her job duties; line manager should have access to documents, tasks, data in CRM base, which corresponds with his/ her own job duties and department employees’; CEO should have access everywhere. I just can't help mentioning our magical FileAuditor solution. It obtains all the sensitive data, labels it and protects from unauthorized access in any application or service!  It really helps me and a lot of my colleagues to keep our nerves.  

2.         Make sure, that an employee hasn’t shared confidential data in advance
In order to be able to work remotely, many workaholics try to provide themselves with all necessary information and accesses. Public clouds, free private email services, flash drives don’t ensure safety of data keeping and transmitting. What’s more, users often even forget to restrict  access to them and don’t care about data encryption. That’s why it’s crucial to prohibit uploading any corporate data to public services and explain precisely why it’s dangerous to all employees. I’d like to mention, that facts of deliberate leaks are easily detected by advanced DLP systems.

3.         Ensure security, if employee has to work with corporate data using unverified Wi-Fi hotspots
Some employees have to use their corporate laptops during a vacation. In this case it’s crucial to ensure, that an employee won’t have to worry about internet connection security. IT department experts should be ready to set up VPN, and, thus, significantly reduce the risk of exposing confidential data when working outside the office.

4.         Make sure, that no one logs into employee’s account
This protective measure may be implemented in different ways. First of all, IT specialists may block employee’s account for the vacation period in active directory. This way has one drawback – even legitimate access will be prohibited too. 

Another option, which is more efficient, is to set two-factor authentication. Do your corporate services allow to set up it?

While these tips may seem obvious, in fact, many companies don't follow the advice mentioned. 

This can lead to emergency calls to colleagues with demand to share account credentials, as well as other dangerous actions. 

So, let's play it safe and make sure everything is put in order before enjoying the great summer!

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.