According to a new report by Kaspersky, business travellers are more at risk of data theft. About 30% of senior business managers “have been hit by cybercrime while abroad”, according to a survey of 11,850 employed individuals who had travelled abroad for business and leisure in the past year. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
There are three things that people and organizations can do to protect their users as they connect with critical resources from unknown points as they travel.
First, users need to be educated and enabled to make good network choices. Often business travellers will connect to the open WiFi at the airport because their mobile data service isn’t working when they land. Organizations are being penny-wise and security foolish when they don’t allow users to have some mobile data as they roam. Now, of course you want to tell users to use WiFi when it makes sense, but part of what should make is sensible is that it seems secure. How secure it needs to be likely depends on your organization’s tolerance for risk.
Second, everything that users would connect to remotely should use multi-factor authentication. If you’re using a simple username and password and the bad guys capture that, then it’s game over. With multi-factor you can be sure you’ve done your best to combat the simple attacks where users’ credentials get hijacked.
Third, you should ensure that everything the users might connect to on the run is using encrypted communications. That may mean using a VPN. But as organizations increasingly migrate to cloud, it may mean a portal using secured web communications, too. In fact, these portals can also be the choke point where you apply multi-factor to systems that may not support it directly – giving you the triple crown of cloud convenient apps, multi-factor protected authentication, and secure encrypted communications.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.