Whether your employees are using their digital devices for work or pleasure while on the beach or at the hotel, if those devices are connected to company accounts, such as email, bank, or other secure or insecure locations, they are creating a business risk. There’s no such thing as a disconnected vacation.
Digital Devices – Employees Don’t Leave Home Without Them
Regardless of whether a vacationing employee plans to work while away, there’s a good chance they are taking one or more devices that are either connected to company platforms or simply owned by the company. If any device is lost or stolen while on vacation it poses a major business risk.
There are two main issues: One is the cost to replace the device itself and the resulting downtime for reinstalling all the information and applications and getting back up and running. The other issue is even more important: what if someone gets your information?
The first line of defense is a company policy that requires all devices to be password protected. This means needing a password to open the device and then separate different passwords to open any file, app, or cloud-based system. At least this way, it is much more difficult for an unknown person to get your or your client’s information.
Also, requiring the installation of a tracking app is a great idea. It can help quickly and easily find a lost device, vastly shortening the time for someone to hack into your system. Additionally, you need to stress the importance of the employee reporting a lost or stolen device as soon as possible. It's not about getting in "trouble" it's about reducing risk! Lastly, the company IT department (either in-house or outsourced) should have the ability to shut-down company-owned devices.
You should check and make sure your business insurance covers the replacement of lost, stolen, and/or damaged devices. Additional business insurance may be required if any of your employees are using their personal devices to connect to your infrastructure, including SaaS platforms (such as a CRM, social media, accounting, HR, or any other cloud-based application or remote-accessed hardware). We see this happen even when there is a policy against it, simply due to convenience.
This oxymoron is the norm for many executive-level employees. Although they are away from the office, the office is not away from them. In fact, since executives typically have higher-level access to business information, they pose a greater risk to potential cyber-attacks than other employees.
Simply using their phone or tablet while on vacation can cause business risks. Simply checking their emails, which may include confidential documents or financial reports, over an unsecured Internet connection can open the door to their device getting hacked and potential, the business infrastructure.
Just gaining access to important information can be enough of a security leak to scare investors or give an upper-hand to the competition. Of course, any public wi-fi use is risky, but when on vacation, it’s easy for employees to let their guard down for a quick glance at their inbox.
Cyber insurance is crucial in situations like this. Unfortunately, we’ve seen many businesses put off investing in cyber insurance because they manage their own systems and feel confident they are not vulnerable. Although this may be the case within the office walls, once employees leave the building, all bets are off!
“Off the Grid” Vacations Cause Business Risks Too
They promise not to do work while they’re away. They promise not to check emails or call in. Even when they keep these promises, if your vacationing employee has not physically logged out of your systems on their devices, then they are still connected.
Not realizing they’re connected can be a huge business risk, especially when that “less-than-professional” vacation picture gets posted to the company Facebook page instead of their personal page. This can happen accidentally, or if their phone or tablet lands in the “wrong” hands.
Or even worse, what if your employee erroneously posts a picture of a confidential document, possibly one taken in the office weeks before they went on vacation, instead of the beautiful sunset they meant to post.
Many cyber policies include protection against ‘content’ claims.
The best offense to business risk is a good defense. Make sure you have protocols in place with respect to digital use and have devices all password protected. Then have cyber insurance in place – for when or if you need it.