The 5 Things Every Leader Should Know for A Cyber-Vigilant Summer

By Michael Nizich, PhD, CISSP

As another summer comes and goes and we start to prepare for another school year, IT departments all over the country are dealing with fallout from yet another season of traumatic and devastating security breaches that seem to become more prevalent during the summer months. IT Governance identifies 85 major breaches in July alone in 2022 and with average recovery costs now hovering at around four million dollars per incident according to IBM, the damage to our economy is becoming unbearable and consumer trust in our organizations to keep our personal and customer data secure is dwindling quickly. So, why are the summer months different with regard to data breaches? Below are 5 things that every leader should know to enjoy a cyber-vigilant summer.

1. We do not share the same holiday and vacation schedule as cybercriminals

Cybercriminals know that organizations and their employees are quite understandably less vigilant during the summer months and holidays in general and thus focus on these particular times to take advantage of a less vigilant workforce. They also know that the summer workforce may be dotted with temporary staff or contractors that may not have had the same security training as their full-time staff. Many employees, quite admirably, also continue to work remotely at least part of their days during the holidays and this creates a very attractive target for cybercriminals…corporate leaders working on company devices using public Wi-Fi to connect to their headquarters. Everyone has a busy season and unfortunately for us, the busy season for cybercriminals tends to be holidays, weekends and of course the summer months.

2. Public devices are just that…public!

Try to avoid using public devices during your travel. It is so enticing to see a very nice, comfortable business center and decide to sit down and do some work. These devices are always available to hotel guests and employees around the clock and, in some cases, anyone at all who happens to access the lobby. These systems can be easily installed and configured with keyloggers or other malware that may compromise your login credentials and other personal information.

3. Public Wi-Fi is a hunting ground for cybercriminals

There are things you can do, and more importantly as leaders, there are things that you can enforce through corporate policies that will make your organization more secure. One is to confirm that while traveling and working outside the office, you are using a secure Wi-Fi connection or simply using your mobile wireless connection to ensure encrypted transmissions between your device and the Internet. This can minimize, or even eliminate, the risks of popular attacks like Man-in-the-Middle (MitM) attacks where you may really be attached to a private router even though you assume that you are attached to a trusted router, or malware injections where someone else on the same wi-fi network is infecting your device with malware from another device on the network. Another thing you can do is to use a Virtual Private Network or a VPN once you connect to your public Wi-Fi. This will create a secure tunnel between you and your organization in which all data is strongly encrypted so that if the data is intercepted then it will be essentially unusable to whomever intercepted it.

4. You wouldn’t call a criminal and tell them you are going away so why post it on social media?

This is the most difficult one to adhere to and to stay diligent about. Who among us does not want our friends and family to know that we are on a beautiful mountaintop with our loved ones and simply enjoying life? However, while you are on that mountaintop, it is very evident to cybercriminals that you are not at your home, and more importantly, you are definitely not at your place of business. This means that there are myriad opportunities for cybercriminals to cash in on your inability to do anything to prevent a breach and they enjoy the fact that you may not even know about the breach until you return. Try your best to keep your personal details and whereabouts just that, personal. The more we give the criminals to work with the more information they can use against us.

5. Don’t focus on just the technical aspects – Social engineering and physical theft is part of the crime.

It is a fact that there are more personal property crimes including stolen wallets, passports, ID’s and cell phones during the summer months and tourist attractions and highly visited locations are some key hunting grounds. This makes both the time of year and the locations highly attractive to all kinds of criminals and this is no exception for cybercriminals. Be extremely cautious and conscious of the security you are using on your phones including locator services, biometric security and complex pins and passwords as well as device lockout services and remote wipe capabilities. Having these activated and configured properly can make you feel comfortable that, as frustrating as having your phone stolen would be, the information on that phone is both backed up and secured from cybercriminals.

There is no guarantee that you will not experience a data breach or identify theft during the summer months nor is it set in stone that you will. However, it is completely possible to drastically reduce that risk of experiencing a breach by staying cyber vigilant as you travel the globe and enjoying what we are all here to enjoy…our lives. Hopefully these 5 tips will help you as leaders to stay cyber-vigilant during the summer months.

About the Author

Michael Nizich, PhD, CISSP is an Adjunct Associate Professor of Computer Science and Cybersecurity at New York Institute of Technology and is the author of the new book, The Cybersecurity Workforce of Tomorrow