RESOLUTE EXECUTIVE VICE PRESIDENT NEIL SIMON‘S OP-ED FEATURED ON SECUREWORLD

What if Santa’s Workshop got hacked? Thanks SecureWorld for publishing Resolute EVP Neil Simon’s insights on cybersecurity lessons from the North Pole. Even security worries can benefit from some holiday whimsy this time of year.

5 Things Santa’s Workshop Teaches Us about Cybersecurity Communications

The other day in a Chicago hotel lobby, a guest accidentally knocked over the “Letters to Santa” mailbox. Amid the crash, the hotel manager and staff couldn’t help themselves. “You ruined Christmas,” they joked. But the awkward guilt of the clumsy patron revealed something about the real risks within the globally once-a-year supply chain that is Santa’s Workshop.

If the mailbox of letters—essentially customer order forms to Santa’s Workshop and the start of a sales process—is so vulnerable to the hotel lobby carelessness, how secure is the rest of Santa’s supply chain? Below are five things you can learn from Santa to secure your own network this season.

1. North Pole: low temps and high security

When it comes to security, Santa’s remote North Pole location may be his best move. But with all those short-sized workers arriving to balloon his staff this time of year, there’s a risk that new arrivers may be interested in something other than spreading holiday cheer.

For those of us working south of the 90th parallel, more remote workers and more travel for disbursed teams to meet colleagues and clients means less-familiar faces at office buildings and more “tailing,” where a would-be threat actor follows a badged colleague. High risk actions like this can literally open the door to major data breaches. Your holiday season politeness to let in a guest behind you may cause harm to many others. So, when it comes to access management, it can pay to be a bit of a grinch.

2. Elves whistle while they work

The holiday visions of elves whistling while they work is more than joy. Santa’s team is a security-first enterprise that knows the power of their whistle. First, the camaraderie seen in the workshop creates a culture of connectedness, so if something is wrong or off, there is a high degree of trust that encourages internal communication. Second, amid the merry soundtrack of the season within the workshop, a sharp whistle of concern stands out to warn the team. Whether it’s a whistle in the office or the “power of hello” to a visitor, take a cue from Santa’s team to secure your own.

3. Make a list, check it twice

If you don’t know anything about Santa Claus Inc., you probably know Mr. Claus is a meticulous double-checker. If Santa’s team can make a list of over a billion kids every year—and take the time to be checkin’ it twice—then your business can surely take an extra 30 seconds to verify that invoice you just got from a .ru email is legit before you pay it.

If you do fall for a phishing attempt, you can still get back on the “Nice” list this season by reporting the fraud. But better yet, check that email address a second time to be safe.

4. Securing Santa and the C-Suite

I’ve seen Santa in action. Every shopping mall, there he is with a listening ear, a welcoming beard, and an ample lap to hear anyone’s wishes. But looking closer, I see a good security practice in place. Yes, access is well controlled to this high-value seasonal CEO—with lines and one-way paths for families to approach, ushered by Santa’s helpers—but these helpers are also sending Santa the signals he needs to greet each child, to vet the folks getting close, and advise him before a photo. As walled off as he may be in the North Pole, he is in the forefront of every decision being made during the seasonal celebrations.

Too often, companies in the face of a potential breach wait too long to bring the C-suite into conversations. A good communications plan internally keeps appropriate people in the loop earlier; and, of course, if there is an actual security breach, they know how to activate and follow their plan.

5. Heads up, even if you’re going down a chimney

TV weathercasters have their 2022 live trackers ready. Google has launched a new interactive tracker page to follow Santa this year. At the heart of the crisis PR plans for such an icon as Santa is knowing that if something does not go right, the internal operations know how to communicate inside and outside the org. He’s a heads up leader.

Does your team know who to tell what and when, and who is cleared to talk to media or external stakeholders like Santa’s helpers do? In a series of cybersecurity tabletop exercises I ran in recent years, we categorized every action taken during the crisis simulation. Without fail, more than half of any team’s actions amid a crisis are related to communications.

So, to keep your team on track like Santa’s, make that list of your actions to prepare, work with your team to check it twice, and rehearse it. Because, unlike Santa, your performance is far more often than one day a year.