How to Enjoy the Holidays in Peace (While Keeping the Network Secure)

Posted on by Tony Bradley

I’m not sure why we even bother showing up to work in the month of December. The first week is spent coming down off of the Thanksgiving-gluttony food coma and frantically shopping online during work hours to find holiday gift bargains. We show up for the next two weeks because of a mandatory requirement to be physically present (even though you’ve already mentally checked out) and you’re just counting the days to the holiday break. Don’t slack off too much, though. If you really want to relax and enjoy holidays, there are a few things you need to do first.

network security holidaysWhile everyone is at home spending time with family, drinking eggnog, and opening gifts, the world does not actually stop. In fact, from a cybercriminal’s perspective this offers a prime opportunity to attack because they know that everyone is busy. There’s a good chance nobody is really paying attention to network security.

Your job is to make sure you’re not the low-hanging fruit, and that you do pay attention to network security over the holidays. You need to have a plan in place to deal with any issues that arise.

Drawing the short straw

For starters, somebody has to stand guard. Even if your employees are all at home relaxing for the holidays, someone must still keep an eye on the network, monitoring for any suspicious or malicious activity.

It would be unfair to just assign that responsibility to an employee who doesn’t celebrate Christmas, but it also makes some sense. However you choose the person to guard the network over the holidays, and be the first responder in case of any incidents, you should compensate the individual…and then some. For every day your employee has to work over a holiday break, they should receive a day-and-a-half of time off that can be used at another time.

Sharing the burden

Another approach is to spread the responsibility out so that everyone puts in some time guarding the network—and everyone also gets time off to relax and enjoy the holidays. You can just divide the number of days in the holiday break by the number of available employees and come up with some sort of system to decide who works which days. It could be better to have employees work two or three consecutive days or to set up a schedule where each person takes a turn every few days.

One common tradeoff is between Christmas Eve and Christmas Day, and New Year’s Eve and New Year’s Day. Often married workers—particularly those with children—will have Christmas Eve and Christmas Day off to spend with family, and in exchange they will work New Year’s Eve or New Year’s Day so that others who would be so inclined can go out and party.

Who you gonna call?

Figuring out who is going to stay on guard and watch the network while everyone is away for the holidays is just the beginning, though. The most crucial thing you need to do in order to be prepared to enjoy the holiday break in peace is to have a communication and incident response plan in place.

Keep in mind that the suppliers, vendors, and partners you generally rely on will also be facing holiday staffing challenges—so make sure you know how to escalate issues and who you should call in the event of an IT or security incident. You should also define business-essential personnel and make sure those people are available if needed.

Security is a 24/7 job that doesn’t take holidays off. But if you do a little planning up front, your security personnel can enjoy the holidays confident that the network will still be there when they get back.

Tony Bradley


critical infrastructure security awareness

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community