Ah, summer vacation. Something we almost all look forward to each year – a time to relax and reset. It’s a time for employees to take a much-deserved break from work and recharge their batteries. It’s also a time for cyber criminals to strike. In today’s threat landscape, it’s not just sunscreen and a bathing suit that should be on one’s packing list –cyber hygiene is also a necessity.
As security leaders know, bad actors are an enterprising lot, looking for any opportunity to capitalize on a perceived vulnerability. And summer vacations provide a perfect opportunity for this. For both individuals and organizations, there comes risks that bad actors will be looking to take advantage of. The good news is that there are some simple things that anyone can do to stay safer.
Summertime and the living is risky
Most people bring devices when they travel, including smartphones, laptops and tablets. These are connected to various networks, whether they be those at airports, hotels or open Wi-Fi at a restaurant. As the final stop of a network, these endpoints are the most vulnerable.
Let’s say an employee takes their laptop on a trip and then returns to the office environment with that same device. That computer, which was previously connected to a variety of other devices, is now back to the organization’s network, where it is connected to its own servers and infrastructures. This raises the possibility of infecting a company’s network if the endpoint device was compromised by malware while away. This gives threat actors a doorway into the company network, enabling them to navigate it laterally and conduct internal network scanning. At a later stage of an attack like this, ransomware is frequently the result. The same thing can happen with the employee’s personal networks.
With more and more companies using BYOD and WFA approaches, the lines between work and home devices and networks are increasingly blurred. The best way to keep summer travel from creating a post-vacation cyber nightmare is by practicing good cyber hygiene. Just like personal hygiene, it involves following proper procedures to keep personal and corporate environments “clean,” particularly when traveling.
Tips for staying more secure while traveling
Security leaders can help all employees stay safe – and in turn, keep corporate assets safer – by encouraging them to follow these best practices:
Avoid free cellphone charging kiosks: The FBI has warned against using public USB stations like those at malls and airports, because of what’s called “juice jacking,” which is when cybercriminals hack these stations and then use them to spread malware and other information-stealing software.
Don’t connect to public Wi-Fi: Public Wi-Fi is just that – public. It’s available to almost anyone within a certain range, and if the network’s security is weak, users are effectively allowing other network users to directly scan their system. The best alternative would be to get a SIM card from the nation being visited in order to establish a personal hotspot.
Keep devices updated/patch systems before traveling: These updates are easily done by through Google Play Store or the App Store. Remind employees that attackers who know about potential security flaws may exploit them if apps aren’t updated. y
Use strong passwords: This can’t be repeated enough. Make sure employees have guidance on how to create better and safer passwords.
Don’t click that link: This should be a part of all cyber hygiene training but it’s always an important one to reiterate. Ensure employees know now to open emails or click on an attachment from a stranger, even if the subject line is tempting.
Don’t announce travel plans on social media.
Creating a carefree summer environment
As the summer season approaches, it is important to remember that as travel increases, so do cyber risks. Traveling employees are particularly vulnerable, as their endpoint devices connect to various networks, making them more susceptible to attacks. To stay protected, it is crucial to practice good cyber hygiene and encourage employees to do the same. This includes avoiding public Wi-Fi, updating devices and apps, using strong passwords, and being cautious with VPNs and email attachments. Following the guidance above won’t just keep employees safer as they enjoy their vacations; it can also help keep the organization safer, even as attacks flourish.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.