4 tips for golden times: without critical thinking, it's nothing but mosquito bites that sting! 

The summer of 2022 will hopefully be lovely, moderately warm and a golden time. What we already know, however, is that IT security is particularly important this summer. Various environmental factors combined with the general high-risk period - when many people are on holiday - mean that all businesses and organisations should critically examine how security is maintained. In this way, stinging bites can be avoided. 

Before each summer, it is necessary to review the internal IT security. This is true for mission-critical organisations, of course, but also for small and medium-sized enterprises in all sectors. AddPro's own security specialists Thomas Öberg and Rikard Burman argue that this summer is particularly risky. 

"Not only are there the usual threats that arise when many of the regular managers are on holiday. It's also about the increase in threats that the Swedish Armed Forces, among others, have seen could affect Sweden's sovereignty," says Thomas Öberg.

Critical review at both micro and macro levels

National and international threats, both large and small. A lot to keep track of for the IT manager before the holidays. 

"Well, it may not seem to have anything to do with your business whether Sweden joins NATO or not. But the fact is that it may be one of the reasons that triggers attacks and affects you. You should also be aware that the number of cyber attacks has increased significantly so far this year," says Rikard Burman.

Recently, an increase in traffic has been recorded, resulting in a number of intrusion attempts. This accelerated a few weeks after the invasion of Ukraine. For example, a Swedish provider recently suffered two DDoS attacks* a day, which brought the internet to a standstill due to congestion (*DDoS attack is a denial of service attack, the abbreviation means Distributed-Denial-of-Service).

"The virtual cyber world is part of the ordinary world. And just as in the real world, some people want to harm others in the virtual world. Right now, criminal elements are testing the mettle of different organisations. These could be suppliers to important companies that are critical to society that get hurt. The risk is that this will lead to targeted attacks at the personal level with specific destruction as the objective. This is quite different from DDoS or ransomware attacks," explains Thomas Öberg.

Hope for the best - and be prepared

Another thing that is becoming more prevalent is the spread of misinformation. Thomas and Rikard urge everyone to think critically about what they read and what they pass on.  

"Critical thinking is key. When the pandemic hit, we ran out of toilet paper, and after the war in Ukraine began, we ran out of canned goods on store shelves. The question then is whether we have prioritised correctly; is this really the worst thing that could happen or have we missed something here?"

Security specialists say that at this point it is good for all organisations to prepare for the worst and hope for the best. By being as prepared and perceptive as possible, the potential risks are reduced.

Dare to be difficult
When regular staff are absent during the summer, cyber criminals know that the check is worse. With limited staff or a partially new force, the threats are more numerous and the vulnerability greater. This is one of the reasons why, for example, the number of fake invoices increases during this time of year. 

"In the movie World War Z, only one country in the world was ready for the zombie outbreak. They had one person questioning everything, which was enough for them to be prepared. I think about it now: if you have someone questioning everything all the time, you will find the flaws you have. Just because somebody says it is good security and that we are prepared - question it! Dare to be tough," says Thomas Öberg from his critical perspective. 

"It is by daring to be critical of each other that we learn together. We are critical of our customers and they of us. That's super important," concludes Rikard Burman.

Perhaps it is too late to start finding the big overall solutions when summer is already here. But those who don't yet have a proper plan can at least take on board these four points to reduce the risks: 

1. Communication - How should we communicate within the organisation if something goes wrong? Everyone is on holiday; suppliers, IT, management so contracts, resources and processes need to be secured. Maybe we need to sign an on-call agreement with our own staff. Maybe we need a summer contract with our subcontractors. In any case, it needs to be clear who is responsible during the summer. Someone who knows how the business should be run around the clock, who knows the communication channels and how we should proceed if something unexpected happens.
   
   
2. Back up - Make sure your company has a secure back up when the holiday weeks start. The latest in this area is a so-called immutable back up, which means that if you are hit by hackers or insiders, the back up data cannot be deleted. It's safe in your own cloud or with us at AddPro. In an immutable back up there are no functions to delete data and this means that everything can be recreated if the worst happens.
   
   
3. Emergency Response and Recovery - The person in charge during the summer should know the procedures for different levels of lock down; both hard and soft shutdowns. In a soft lockdown, you shut down as much as you can think of to allow operations to continue. In a hard lockdown, you pull all the wires and short out everything. It requires policies to protect data in the cloud and documentation on how to recover files and documents. Contact information for suppliers is one of the things that should be included in a physical documentation of how a lockdown might happen and how to recover data. If it's only digital, it may not be accessible.
   
   
4. Critical thinking - Perhaps the most important point of all in a world suffering from information overload. If you're in a business that society depends on to function, such as an electricity company, you can expect the threat to increase over the summer. The world's major nations all have digital armies constantly fishing for new entry points where, if necessary, they can wreak havoc. Be constantly critical of what you hear and see. If someone mentions a particular country as a threat, counter-question: Why is country Z mentioned but not country Y? To be critical is to be apain in the ass and to act as a loyal opponent within your own organisation. Every answer has more than one question; every question has more than one answer.