I was sitting at an airport bar with other business travelers when the US scored within the first 32 seconds of the game against Ghana. The excitement in the air showed me how much attention the World Cup games have really gained. Aside from the adrenaline brought on by that goal, I was also finding entertainment in eavesdropping on fellow travelers complaining about how their employers had blocked many sites that would allow live viewing of the games from their office.
Why won’t they just let me watch the games? That is one of the most common questions employees will be asking over the next month. While the World Cup doesn’t bear any relevance to most organizations, it probably should, as there is a growing menace of internal threats.
According to John Ourand of Sports Business Journal (@Ourand_SBJ, June 17, 2014), ESPN says USA-Ghana set a record on WatchESPN: 1.4M viewers and 62.4M minutes of streaming. It was also the highest-rated soccer match ever on ESPN, coming in at 11.093 million viewers. People are watching.
It is anticipated that many employees will try a variety of creative means to watch the games. Taking vacation time or calling in “sick” will likely carry very little risk compared with downloading streaming tools onto their corporate devices.
Employees are putting their organizations at risk every day when they use their corporate-issued device for personal business. Watching a video of World Cup highlights or clicking on a bit.ly link from their Twitter account could lead them to a malicious site loaded with data-stealing malware. A little education never hurts. You should be asking questions such as: Do you re-use the same password for different accounts, both work and personal? Are you visiting and engaging on social networking sites while on your corporate device? Have you ever checked your work email from an unsecured wireless hotspot? Have you ever downloaded a mobile app without checking the source? Most employees probably don’t even realize the risks.
Here are a couple of other quick cybersecurity tips and reminders:
To start, the RSA Security Brief, Taking Charge of Security in a Hyperconnected World, identifies that determining the appropriate level of organizational security can prove challenging because it is an exercise based on risk and relativity. Your appropriate security posture should be determined by four factors:
- Risk and requirements will change over time and are unique to each organization. During high-profile events they will need to be leveled up.
- Value of information being protected: high-value assets should be monitored more closely and subject to more controls. Remember – a cybercriminal scores their “goal” by stealing your assets.
- Attack techniques are constantly changing and rising in sophistication. You must continuously adapt your game plan based on your opponent's attack plan.
- Your organization's security practices should be above those of your peers so as not to make it an easy target – you want to win this game!!
During the games you must anticipate that many of your employees will be searching for game highlights, downloading mobile apps to their corporate devices, watching games from non-secure Wi-Fi locations and accessing social media sites more frequently. For example, a Vine posted after the game, showing the Tweet volume in the US before and after John Brooks’ game-winner for USA, shows how active a role social media will play over the next month.
If you are not prepared, the cybercrime threats from your employees’ behavior are real and infinite. A non-techie game plan to consider is setting up a space for your staff to watch their favorite team’s match so they don’t have to access it from their corporate devices. Think of it as a team-building event, a way of managing your IT bandwidth risk and, even more importantly, a security educational moment to help your employees better understand how seemingly innocent activities could translate into organizational risk. Have them take this fun, interactive Workplace Security Risk Calculator, which asks a series of questions to determine the risk they may be putting your organization in and offers helpful hints to mitigate these risks, and have them read our blog on World Cup consumer tips.
You can also determine your organizational security readiness by taking the Security Self-Evaluation tools: http://www.emc.com/emc-plus/rsa-thought-leadership/self-evaluation-tools/index.htm
For all the latest cybercrime developments, join the RSA Fraud and Risk Intelligence Online Community.