Going on holiday is often synonymous with letting go… of good habits. For a few days during the summer, we’re all used to saying goodbye to those strict clothes, waving off (temporarily) our work phones and computers in favor of a glass of wine served on a terrace by the sea.
That being said, this period of navel gazing and self-indulgence comes at a price. We are no longer physically connected to our office, but we are still connected (that check in won’t post itself #winkwink).
It is exactly this type of negligence that can have a damaging and, of course, unexpected, impact on the digital wellbeing of individuals and, by extension, of companies. As tempted as we may be to treat cybersecurity best practices lightly, we must not ignore the risks. Hackers know very well what our weaknesses are and do not hesitate to use them against us. So why show ourselves even more vulnerable than we already are?
Did You Know That…
…if you are a victim of hacking, be it during the summer or not, you can be held liable for the data on your devices.
As an individual, you ‘only’ risk the loss of your data. But as an employee, this type of incident may cause you major problems. You will probably say to yourself: as long as it didn’t happen on any of your work devices, nothing to worry about, right?
FALSE. Often the lines between private life and work life are blurred. Suppose you tried not to completely disconnect from the office during the holidays.
Inevitably, your laptop or personal computer may contain the contact details or, at the very least, give access to the contact details of certain customers and prospects. If this data were to be retrieved by a hacker, well, let’s just say that, depending on the part of the world you live in, different consequences may ensue.
In France, the Godfrain Law (enacted on January 5th, 1988) states that you may be judged for having facilitated access within an information system (IS) with unintended damage. Penalties range from 2 months imprisonment and a €1,500 fine to 2 years imprisonment and a fine of €15,000.
Furthermore, these measures may also be accompanied by a deprivation of civil rights (prohibition of work in the public service, for instance). Doesn’t feel so good to be bad now, does it?
…if you don’t live in France, it might be useful to know that the Godfrain Law is not the only one that can cause you problems. With the implementation of the GDPR (General Data Protection Regulation), you risk paying even more for your carelessness.
Heavy sanctions aimed at controllers and processors that violate the rules on data protection include the following: “Data controllers can face fines of up to €20 million or 4% of their global annual turnover. These administrative sanctions will be imposed by the national data protection authorities.”
For those who have not yet heard of the GDPR, it is the centerpiece of the data protection measures proposed by the European Commission and adopted by the European Parliament on April 14th, 2016.
…in 2015, the number of attacks via malware tripled. The majority tried to exploit vulnerabilities in Office applications on user devices (read the full report here).
It’s very easy to imagine, in this case, a person opening, on his/her personal device, a document belonging to the company. Let’s be honest, we all know at least one person who does this, especially during the summer. “I’ll just check my emails quickly.”
Unfortunately for them, the holiday season is also the time during which the volume of malware increases by 26% compared to numbers recorded in previous quarters. That being said, it does not come as a surprise that cybercriminals often trick individuals in order to open a breach in the company.
If we take into account recent data breaches (read here our previous article on “Cybersecurity hygiene & social networks: abysmal results”) and the fact that 20% of people reuse the same password everywhere, we certainly understand the need for yet another article on cybersecurity awareness.
Take Your Cybersecurity Manners With You
Employees should be the first line of defense for a company that values its sensitive data. But, once or several times a year, these employees take their leave and, unfortunately, they do not stray far from their connected devices.
Organizations that aspire to a real cybersecurity policy owe it to themselves to find a way to make their employees understand one thing: cybersecurity is not just a constraint, the application of which should only occur when threatened.
Cybersecurity is both a personal and collective exercise, a state of mind if you like, which requires continuous effort and the application of which is made taking into account the common interest of the organization. Once this idea is understood and, above all, accepted, your teams will finally realize that IT security goes beyond just the simple limitations we impose regarding the separation between our work life and our private life.
To get to a business, attackers need a ‘window of opportunity’. Do not open that window to hackers: remain constant in your cybersecurity routine, be it during weekends, summer holidays or on Christmas Eve.