As the opening day of the 2012 Olympic Games nears, IT teams in the U.K. are busy expanding their companies’ security policies and reviewing their security contingency plans. They are preparing for 17 days of Games, which will surely produce crowded transportation systems, overloaded Internet connections, and employees whose attention may be diverted by swimming relays and equestrian events.
The Olympics provide a good opportunity for companies in the U.S. and around the world to review their security policies and plans, too. Security pros can watch how their peers in the U.K. handle the pressures and disruptions caused by the Olympics, and consider how they would handle such an event if it occurred in their city.
Security contingency plans, which are similar to disaster recovery plans or business continuity plans, lay out the steps IT should take as soon as a disruptive event occurs. The idea is to make important decisions in advance, and have the necessary resources already in place, so the team can react quickly to maintain the security of their company’s data and other IT assets. Yet, according to our application security expert Michael Cobb, many companies’ security contingency plans are either unrealistic or woefully out-of-date.
Could your company continue operating securely in a chaotic environment — whether that chaos is caused by a scheduled event, such as the Olympics, or by an unplanned natural event? The 2012 Olympics serve as a reminder for all firms to review and revise their security contingency plans in light of current concerns and resources.
The relatively quiet summer months may be a good time to set up components of your security contingency plan. One of the most important components to handle in advance is widespread telecommuting. During a major event, more employees may have to work from home. You can prepare now by having all employees sign a remote working policy agreement, test the security of the Internet connection in their home, and receive training on topics, such as securely filing sensitive documents from their home office.
The Olympics also provide a hook for continued security awareness training. The IT department could send out an email educating users about Olympic ticket scams, providing a helpful lesson for any too-good-to-be-true email offer. Or the IT department could run a summertime security contest, posting a short information security quiz on the company’s Intranet and awarding gold, silver and bronze medals to the employees or departments who score highest on the quiz.
Even if the Olympics are not held in the U.S. until at least 2024, there is bound to be a significant event that will affect your company’s security posture in the near future. Prepare and practice now so your security team can execute flawlessly and take home the gold.