
05 Dec 2023
Festive Best Practices for a Zero-Trust Secret Santa

If you work in an office, chances are you and your coworkers have played Secret Santa at some point during the holidays. Every year between Thanksgiving and Christmas, colleagues participate in this game to boost their morale and strengthen interpersonal connections¹. However, your office’s Secret Santa is far from a secure environment. For example, your coworkers may wish to steal gifts that you have purchased for your chosen recipient, or you might claim a colleague’s intended gift as your own. Additionally, with cybersecurity threats and vulnerabilities growing faster than evergreen branches, organizations worldwide have begun implementing zero-trust principles and practices for enhanced security². In this article, we will explain best practices for organizing a festive, secure, and predictably awesome Secret Santa this holiday season.

 (Image courtesy of https://www.drawnames.com/secret-santa-office-party)

When organizing your office’s Secret Santa, you can go the old-fashioned route and randomly select names out of a hat, but a more modern approach would entail calling, emailing, or texting your coworkers their designated giver and/or recipient names after creating a top-secret list of who is assigned to whom³. Here is where the zero-trust part kicks in. After making your list in Word or Excel and preferably checking it twice, you must utilize a blockchain application to ensure that it is created and stored properly⁴.

Compiling a list matching your office’s Secret Santas to their designated recipients is essential, but what if you accidentally delete this file, or a disgruntled colleague deletes it maliciously? If the data in your Secret Santa gift list is breached, the consequences can be disastrous, or even terminal for smaller companies⁴. Consider that the average data breach worldwide costs $4.45 million, according to IBM, and the average U.S. data breach a staggering $9.48 million⁵. Keep in mind, too, that 60 percent of all small businesses must close their doors forever within six months if they are attacked⁶. In short, you need a zero-trust policy in place to keep malicious parties from infiltrating your business’s sensitive files – including the Secret Santa list.

Additionally, when creating the Secret Santa list, you may be tempted to do so on your smartphone, be it in your phone’s built-in note-taking app, Google’s Keep Notes, or Google Docs⁴. However, utilizing a mobile device to track office gift-giving and receiving poses even more risks for your business’s security⁴. According to Kiersten Todt, the Cyber Readiness Institute’s managing director, “There is technology that exists that encrypts not just messaging but video, phone, etc., and that’s where we have to go”⁴. Consider downloading an encrypted messaging and calling app like Signal, an encrypted email app such as ProtonMail, and a file encryption app like CoverMe to protect your Secret Santa list and other sensitive business files from theft⁷. In summary, data encryption is paramount for ensuring your office’s Secret Santa is secure.

(Image courtesy of https://www.howtogeek.com/howto/33949/htg-explains-what-is-encryption-and-how-does-it-work/)

Zero-trust security models encrypt your data both at rest and in transit before moving it to cloud-based storage⁸. Even if the data in your company’s Secret Santa list is breached, no one can read it except you and your intended recipients⁸. Additionally, returning to mobile security risks, Todt says, “You can no longer absolve yourself of responsibility in the tech space if you’re using a phone to do anything”⁴. Just as a lack of compliance on Santa’s part would spell disaster, you will find yourself in trouble if you fail to take appropriate precautions in creating and storing your Secret Santa list⁴.

Once you know all your designated Secret Santas and recipients, you must then craft guidelines for purchasing the gifts themselves. One best practice is to establish a price limit for every gift. For example, you should keep your colleague’s Secret Santa gift under $25¹. Why $25, you ask? According to etiquette expert Maggie Oldham, the $25 limit is neither “too small where you’re getting someone a junk gift” nor “too large where it might put someone out of their budget,” especially if that budget is tight¹. On a related note, you may be tempted to splurge on gifts for close friends, but you should keep your Secret Santa gift within the designated price limit regardless¹. Furthermore, you must not purchase too inexpensive a gift, either: buying a $5 item when the price limit is $25 will only sully your reputation¹. In short, establishing proper gift-buying rules will help you and all your colleagues keep your respective bank accounts and reputations intact.

Finally, while you can conduct the office Secret Santa under a zero-trust model, you must conduct a risk assessment before implementing your plan⁴. Treat this like any other security initiative for your business, be it installing new Sophos firewalls as we described in a previous article, or a data loss prevention (DLP) system like those we highlighted in a different article⁴. Although hackers and other malicious actors lurk across the dark web, the chances of them stealing your Secret Santa list and gift purchase-related credit card information are slim⁴. Now ask yourself if the risk is “truly high enough to merit the investment” in a zero-trust system for your business⁴.

The answer is simple: it is. While chances are your Secret Santa list and gift-buying information such as emailed transaction summaries will not be exposed in a data breach, you must still clearly identify your business’s sensitive data and protect it from any such exposure². Then, and only then, can you guarantee a festive, secure, and predictably awesome office Secret Santa this holiday season.

Navitend can help you. Call 973.448.0070 or set up an appointment today.

Sources:

¹Entrepreneur. “The Do’s and Don’ts of the Office Secret Santa” by Lisa Evans. Retrieved from https://www.entrepreneur.com/growing-a-business/the-dos-and-donts-of-the-office-secret-santa/253819.

²CSO Online. “Five Best Practices for Implementing Zero Trust” by Megha Kalsi and Jon Medina. Retrieved from https://www.csoonline.com/article/3656800/five-best-practices-for-implementing-zero-trust.html#:~:text=Five%20Best%20Practices%20for%20A%20Zero%20Trust%20Implementation,5%205%29%20Consistently%20Monitor%20Traffic%20and%20Sustain%20.

³Elfster. “What Is Secret Santa? Rules for How to Play a Secret Santa Gift Exchange Online.” Retrieved from https://www.elfster.com/content/secret-santa-rules/.

⁴Informa PLC. “Santa and the Zero-Trust Model: A Christmas Story” by Curtis Franklin. Retrieved from https://www.darkreading.com/edge-articles/santa-and-the-zero-trust-model-a-christmas-story.

⁵IBM Security. “Cost of a Data Breach Report 2023.” Retrieved from https://www.ibm.com/downloads/cas/E3G5JMBP.

⁶Cybersecurity Ventures. “60 Percent of Small Companies Close Within 6 Months of Being Hacked” by Robert Johnson III. Retrieved from https://cybersecurityventures.com/60-percent-of-small-companies-close-within-6-months-of-being-hacked/.

⁷Digital Guardian. “15 Free Mobile Encryption Apps to Protect Your Digital Privacy” by Nate Lord. Retrieved from https://digitalguardian.com/blog/15-free-mobile-encryption-apps-protect-your-digital-privacy.

⁸Encryption Consulting. “Zero Trust Security.” Retrieved from https://www.encryptionconsulting.com/education-center/zero-trust-security/#:~:text=The%20Zero%20Trust%20Security%20model%20protects%20the%20data,can%20read%20the%20data%20except%20the%20intended%20person.
