If there’s a worst possible time for an organisation to suffer a data breach, it’s Christmas. That’s not only because it’s morale-sapping to suffer such bad news at a time that’s supposed to be full of cheer and optimism. There are also the practicalities of responding to an incident at this time of year.
For some organisations, particularly retailers, the Christmas period is their peak trading period, and a data breach could severely affect their business. Certain functions could be limited or go offline altogether, there will be delays and staff will need to dedicate their time to responding to the incident. Amid all this, customers are likely to express their frustration and will possibly take their business elsewhere.
Other organisations have the opposite problem. Christmas is the time of year when things start to wind down, and many offices will be half-empty as employees use up their remaining annual leave. Those who are left are likely to be finishing off their year-end targets and turning their attention to Secret Santa exchanges, Christmas lunches and festive jumper contests. A data breach could catch them completely off guard, and they might not have the resources to respond adequately.
We’re not suggesting that you clamp down on workplace festivities or force a certain number of employees to stay in the office. But you absolutely must account for the issues that the Christmas period will bring. The good news is that there are ways to do that while keeping everybody in the festive mood.
So, what can you do?
Whether Christmas is a busy or quiet time for your organisation, you should have the same objective when it comes to cybersecurity: prevent simple mistakes. There’s not much more you can do at this stage to prevent sophisticated attacks, but you can address human error, which is one of the biggest causes of data breaches and will be your number one threat over the festive period.
Overworked employees might mistype a customer’s information, forget to secure a physical file or leave a password written down so seasonal staff have easy access to the organisation’s Wi-Fi. By contrast, employees with little work to do might fall into lazy habits as their attention drifts.
For these reasons, Christmas is a vital time of the year to make sure everyone in your organisation is aware of their data protection obligations. This begins, as most information security matters do these days, with the GDPR (General Data Protection Regulation).
Fun and games with the GDPR
The GDPR has caused a great deal of stress this year, so it’s probably the last thing you associate with the fun, relaxed atmosphere of Christmas. But don’t rush to judgement: Christmas might actually be the perfect time to get your employees’ compliance knowledge up to scratch.
That’s because many experts recommend ‘gamifying’ your staff awareness programmes: that is, making them informal competitive exercises, with a point mechanism and interactive element. Christmas is a great time to try this out, and you might even be able to slip it in among your other festivities without receiving employee complaints that training programmes take away from time they’d rather spend working.
How IT Governance can help
We offer a broad range of products and services to help organisations stay cyber secure. Those who are particularly interested in the GDPR should take a look at our selection of books, training courses and consultancy services.
You might also be interested in our GDPR staff awareness training course, which can easily be used as part of your Christmas activities and repeated throughout the year.