Watch the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers. Watch now.
With the holiday season approaching, many home workers, who are already at increased risk of cyber-attacks, will travel to book vacation trips to visit family and friends. This is likely to exacerbate IT teams’ concerns about cybersecurity, which have already been heightened by the pandemic and its impact. In a survey by the Ponemon Institute, 65% of IT and security professionals said they found it easier to protect an organization’s confidential information when staff worked in the office.
Whether employees are working from home, attending a conference, or even on vacation, security pitfalls abound. The fact is that with every home worker, the attack surface of an organization increases. Some employees abandon their cybersecurity while working from home. For others, travel leads to fatigue and poor decision-making, including taking safety shortcuts. This is a problem when 76% of CEOs admit to bypassing security protocols to get something done faster.
While technology has made significant strides in protecting us from ourselves, remote work could quickly go south if we don’t take basic cybersecurity measures. This article covers a range of security best practices for remote work and travel. Of course, not every tip applies to every situation. That said, it’s crucial to understand your current and future environment, assess their relative risks, and take steps to protect your credentials, devices, and confidential data.
Here are some tips to improve your security posture while working remotely or traveling.
Intelligent security stop
On December 8, learn about the critical role of AI and ML in cybersecurity and industry-specific case studies. Register for your free pass today.
Do this first: Lock your SIM card
Trip or no trip, lock your SIM card. SIM jacking (or SIM swapping, unauthorized port-out, or “slamming”) is a real and under-reported crime in which threat actors impersonate you, contact your mobile carrier, and “port” your SIM card to your ( their) “new phone.” Imagine someone stealing your entire online life, including your social media accounts.
In other words, your phone number is now theirs. All your password resets are now done through the threat actor. When you consider how many work references, social media accounts and apps go through your phone number, the nightmare of this crime quickly becomes apparent. If you haven’t already done so, lock your SIM card with your mobile operator.
Here’s some information about Verizon’s “Number Lock” feature.
Cybersecurity tips for remote and traveling workers
Back up everything all day, every day. Leave the backup at home or in the cloud when you travel.
Use a password-protected Wi-Fi network with WPA (ideally WPA3).
Create a strong password (with uppercase and lowercase letters, distinctive characters, and several characters long). Never keep passwords on your person or on the phone, even in the notes section. Ideally, your employer should use a password manager, but chances are they aren’t. According to SpecOps’ Weak Password Report 2022, 54% of companies do not use a password manager. Even more alarming, 48% of organizations lack user authentication for calls to the IT service desk.
Patch and update every device you use, including apps. Do the same for the browsers and everything else you use on those devices. In August 2022, Apple announced that unpatched versions of iPads, iPhones, and Macs could essentially be taken over by threat actors. Make sure everything is current when you step into an unfamiliar environment.
Here’s how to update any app on your iPhone and iPad if you haven’t set them to update automatically — all at once:
Go to the app store.
In addition to updating and patching everything, make sure browsers use strict security settings, especially when you’re away from your home office. If you don’t want to mess with settings, consider downloading Mozilla Firefox Focus and making it your travel browser. By default, Firefox Focus clears the cache after every use, leaving no breadcrumbs to exploit.
Use two-factor authentication (2FA) anywhere, with anything. When choosing how to receive the authentication code, always choose token instead of text as it is much more secure. At Black Hat 2022, a Swedish research team demonstrated exactly how insecure text authentications are. If a hacker has your credentials and phone number, text-based authentication won’t protect you.
Update your Zoom software. Ivan Fratric, a security researcher at Google Project Zero, demonstrated how a bug in an earlier version of Zoom (4.4) allowed remote code execution using the XMPP code in Zoom’s chat feature. Once the payload was activated, Fratric was able to spoof messages. In other words, he could pose as someone you work with. What could go wrong?
Safety and Travel: Leaving the Home Office
Whether heading to Starbucks, Las Vegas, or overseas, digital nomads need to pack light. Leave unnecessary devices at home. Take only the essentials to get your work done without compromising your entire personal history. Bring a laptop lock to lock your computer to any workstation, as IBM instructs its traveling employees. Also invest in a physical one-time password verification (OTP). Some companies, like Google, require employees to use them. Employees can’t access anything without the physical device.
Leave sensitive data at home. Do not bring any devices that contain personally identifiable information (PII) or confidential company documents. Do you use a particular laptop for online banking and signing mortgage documents? Leave it at home. Do you want to take your work computer with you on vacation? Rethink. What happens to your career when trade secrets fall into the wrong hands? Of course, you are expected to take your laptop with you on a business trip, but make sure it is free of your personally identifiable information.
Use RFID blockers to protect your passport and credit cards from ‘contactless crime’. While contactless payments are useful in supermarkets and toll booths, they can be quite problematic within the range of attackers using radio frequency identification (RFID) scanners. With an RFID scanner in the wrong hands, hackers can easily walk past a group of people and expose identifiable card information.
The simple way to protect against this is to use RFID blockers (basically card envelopes or “sleeves”) that protect payment cards, room keys and passports from radio frequency attacks or skimming attacks. There are now entire categories of wallets, bags and purses that integrate RFID technology. Fortunately, more modern RFID chips make these antics much more difficult, but not impossible.
Consider using a Privacy Screen for your laptop and phone.
Turn off Wi-Fi, Bluetooth and Near Field Communication (NFC) on your phone, tablet and laptop when traveling to a location with high security risks. Funny things can happen when you travel to China or even an unsecured Starbucks.
Choose a password-protected hotspot over hotel Wi-Fi. If you need to use hotel Wi-Fi, pair it with a VPN.
Be wary of Bluetooth devices like your external mouse, keyboard, and AirPods.
Use a VPN everywhere. According to Cloudwards, 57% of respondents say they don’t need a VPN for personal use, and 22% say they don’t need one for work.
Encrypt text messages and chats and other communications using Telegram, Signal, or any other encryption-based communication platform. Suppose third parties read unencrypted apps.
As you can see, most cybersecurity while traveling involves front-end preparation. Just like anything else in the security field, keeping systems, software, and browsers up to date and patched is crucial. When traveling abroad, you need to understand that not everywhere is home to free. Know where you are going and what their local privacy laws are.
In short, keep a low profile when working or traveling remotely. Don’t take any chances or unnecessary risks.
Roy Zur is CEO of ThriveDX’s business division.
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.