As the end of the year approaches, businesses everywhere will be focused on seasonal hiring, managing employee travel plans and meeting final product deadlines. This flurry of activity often leads to increased security vulnerabilities. Don’t take any chances! Here are the top three seasonal security challenges to look out for and how to minimize your team’s risk.
Challenge: User Provisioning
The first item of business when onboarding your seasonal hires will be getting them the right access to tools and resources – quickly.
Solution: To make user provisioning as quick and safe as possible, we recommend integrating tools with a Single Sign-On (SSO) Solution that also supports System for Cross-domain Identity Management (SCIM). Some of our favorites include Okta and OneLogin. These tools will also allow you to link SSO with your HR system to preset triggers for provisioning and de-provisioning based on contract start and end date.
Challenge: Traveling with Company Devices
More frequent travel and WFH days aren’t unusual during the holidays but it goes without saying that any time employees take company assets on personal trips, your company’s data is at risk for theft or loss.
Solution: We recommend taking a three-pronged approach to combating this seasonal security concern.
Preventative control. Remind employees to stay vigilant when working remotely or taking company devices home. Share best practices and timely cybersecurity news via email newsletters or all-hands meetings to discourage use of company assets during personal travel.
Detective control = Use access management proxies to track where users are logging in from and increase monitoring for geographic zones where users wouldn’t normally be.
Corrective control = Lastly, ensure encryption and remote-wipe are turned on for all devices that store company data. In the event of a device being stolen or lost, this is the easiest way to correct the situation.
Challenge: Increased Feature Releases
Solution: Build automated security testing into your development lifecycle with linters and code security scanners. These will allow for security checks across your code deployments allowing for scale without manual intervention. Focus on security reviews by working with product teams to determine high-risk features and timelines for release. If resources are available, we recommend running pen tests with an internal red-team. Once releases go out, monitoring should continue for potential fraud and misuse.
Although these challenges are framed for seasonal changes, the solutions that are proposed are applicable for a successful security program year round. If you’re ramping up Dialpad usage for your team members during the holidays, check out our new integration with OneLogin and other SSO/SCIM solutions such as Okta to keep your communications safe and secure!