It’s a scene that we have seen many times: on a beautiful Greek beach, an executive reviews a contract on his tablet and responds to two urgent emails. Then, he absentmindedly slips the tablet under his towel and goes for a swim. Ten minutes later, the tablet is gone. No strong password. No encryption. And, of course, the tablet is full of sensitive data.

This type of incident, once rare, has become a summer classic. Summer doesn’t suspend security obligations or cyber threats. While offices empty out, hackers never really go on vacation.

So, how can you enjoy your vacation without putting your company’s data at risk? How can you stay vigilant without becoming paranoid or ruining your ten days at the beach? In our August series, we are sharing our tips so you can have a serene summer and come back to work without issues.

Illusory disconnect, genuine vulnerability

It is often believed that vacations are synonymous with a digital break. In reality, this is one of the riskiest times for IT security: employees connect to public networks, equipment is taken on the move, vigilance is reduced, and there is less internal supervision.

Some figures speak for themselves: according to a study by NordLayer (2023), more than a third of cybersecurity incidents in companies occur during holiday periods, particularly July-August and December.

Last August, a lawyer working for a large French industrial group logged into his webmail from Athens airport. He entered his login details on what he thought was the airport’s Wi-Fi portal. In reality, it was a malicious copy. The next day, his access was compromised and confidential documents were exfiltrated. The incident required a CNIL alert and a complete audit of connections.

Why summer amps up the risks

It is the context that weakens cyber defenses.

  • First, attention wanes. The brain is elsewhere, priorities are different.
  • Second, environments are less controlled: hotels, vacation homes, cafés, trains, airports…
  • Finally, IT or security teams are also operating at reduced capacity, and emergency procedures are sometimes poorly defined.

Add to this a psychological factor: excessive confidence in personal technology. Many people believe that their phone, tablet, or PC is “secure” without checking that encryption is enabled or that connections are secure.

VPN, partitioning, access management: truly useful reflexes

You don’t need to be a cybersecurity expert to take effective measures. But you still need to plan ahead before you leave. A professional VPN, for example, remains one of the simplest and most effective ways to secure your communications—even on questionable connections.

Another often overlooked point is the separation between professional and personal life. Using the same device for everything is a common but risky habit. Creating separate sessions, activating a secure workspace or even carrying two devices if possible, significantly limits the damage in the event of an incident.

And of course, password management remains key. Too many users take advantage of the summer to “keep it simple”: using the same password for multiple services, no two-factor authentication… All of these are open doors. A secure password manager not only enhances security, but also saves time, even when traveling.

Continue working... without exposing the organization

Let’s be clear: many executives and managers never completely switch off. And that’s not necessarily a problem in itself. But it does mean that mobility must be considered as a cybersecurity scenario in its own right, not as an afterthought.

Let’s take another real-life example: in 2022, a CIO on vacation takes his work computer with him in his car. He parks briefly at a motorway rest area, and when he returns, his window is smashed and his equipment stolen. The computer was neither encrypted nor locked. It contained sensitive files that were accessible without a password. The result: customer data leakage, an internal investigation, and a tarnished corporate image.

Encryption, a well-configured session lock, or a remote wipe option would have been enough to limit the impact.

Legal responsibility does not stop in the summer

From a regulatory standpoint, particularly with regard to the GDPR, corporate responsibility knows no summer break. Any personal data breach, whether it occurs in August on a beach or in the middle of a January meeting, is subject to the same obligations: risk analysis, often (depending on the country) mandatory notification to regulators, and documentation of the measures taken.

And behind the company, it is also the executives and technical managers who can be held liable for negligence, especially if basic measures were not in place.

Several recent rulings have reiterated that, when it comes to security, the absence of appropriate resources is a fault in itself. It is not enough to say that an employee “acted wrongly”: it must also be proven that the company had given them the right tools and instructions.

Plan ahead, train, delegate: the right habits for summer

So, what should you do before shutting down your computer and packing your bags?

  • Have a quick chat with your security team: what remains accessible? Who has access to what? Can temporary privileges be reduced?
  • Establish a clear procedure in case of an incident: who should be notified of a loss? Who can intervene remotely? Is written authorization required?
  • Briefly train employees who are leaving with equipment or access: a one-page memo may suffice if it is well done.
  • Share emergency contacts (IT, legal, DPO) in an easily accessible format (QR code, card, secure cloud).

It’s not the summer itself that creates the risk. It’s momentary lapses in professional reflexes. Cybersecurity on vacation doesn’t mean being suspicious of everything, all the time. It simply means anticipating tipping points, where a moment of complacency can be costly.

And even though it can seem paradoxical, it’s also a good opportunity to review internal practices: who has access to what? Why keep certain resources open all summer? Why not train teams in mobile usage?

Summer can be a break. But cybersecurity must remain a routine.

Come back in mid-August for the second part of our article on cybersecurity while on vacation. In the meantime, if you have a movie, TV series, software, or e-book that you want to protect, don’t hesitate to call on our services by contacting one of our account managers. PDN has been a pioneer in cybersecurity and anti-piracy for over ten years, and we are sure to have a solution to help you. Happy reading, and see you soon!
