Reach for the beach – but watch out for the breach.
This recent post highlighted that as the temperature rises, so does the risk. That’s because many people take their work, and the devices they use to access it, outside – and even on vacation – just to keep an eye on things. Because nothing takes the fun out of a holiday like coming back to a stack of emails, right?
It stands to reason that when devices leave the office, the chances of user access being compromised increases. And it’s not all about sinister hackers – anyone can shoulder-surf while you’re typing in a passcode and then swipe a device. We’re also more vulnerable to a simple con while we’re more relaxed on vacation.
So what can we do as organizations to keep the barriers up while our guard is down? Let’s face it, we’re not going to persuade users to leave their laptops, tablets and smart phones at home, so the next best thing is arm them with the basic dos and don’ts of IT security to reduce the risk a security breach. Try sharing our top five. You’re welcome.
1) Avoid public Wi-Fi hotspots
It’s tempting to connect to public hotspots to download a movie before jumping on an airplane. But the provider can intercept your traffic through dubious hotspot wifi hookups such as ‘FREEPUBLICWiFi’ or ‘Jims_Phone’ or even redirect you to alternate websites that will download malware on your device so they can control it or access it at will. It’s as bad as it is avoidable.
Plan ahead. Get your movies or other large data downloads before you travel. If you do need to connect to the internet, use your wireless data plan – it’s far more secure than those unfamiliar hotspots. If you’re going to use public wifi at airports and hotels, check that you are connecting to the officially-provided network. Need to check your corporate emails or complete some work? Use a VPN for optimal security.
2) Keep your device locked
Many organizations use mobile device management software or have policies that require a pin code to access mobile devices in order to access business email. If this is not required, add one anyway. To reduce the inconvenience of typing in your code every time you want to access your device, use biometric access like a fingerprint scanner or facial recognition. Or use Smart Lock features that keep your device unlocked when paired with a wearable like a smart watch.
Devices are lost every day – left at airport security, stolen on a train, or abandoned in a hotel room. Do you really want to give immediate access to everything on it?
3) Use Two-Factor Authentication (2FA)
Passwords help to provide authentication – essentially, to prove that you are who you say you are. A password is one factor for authentication – ‘something you know.’ The other factors are ‘something you are’ (ie biometrics) and ‘something you have’ (the device itself, or a card).
2FA uses a combination of factors for more security. We do this all the time when we use a credit card and enter our PIN code on a fuel pump. Make accessing sensitive or work-related apps, such as Google accounts, more secure by using 2FA when it is offered. With 2FA, even if someone steals your account password, they can’t access your accounts without your thumbprint or device.
4) Out of Office messages
Activating our out-of-office notifications is often our final act before leaving for our vacations. It’s a basic courtesy to let those within your organization know that you won’t be responding immediately to their emails. But you could be providing too much information if you turn on that notification for those outside of your organization.
Scammers send emails to the many different addresses they find on social media to see who is on vacation. They contact work colleagues and convince them that you left without providing the urgent, sensitive information you promised them.
Using out-of-office notifications externally may be necessary for those with customer-facing roles. But send pre-emptive out-of-office notifications to customers instead of relying on the indiscriminate version built into your email client, or only reply to contacts in your address book, if necessary.
5) Update your software
The recent WannaCry ransomware attack highlighted the need to keep software updated. Malware such as viruses, worms and ransomware are possible because of the vulnerabilities in software. Software developers constantly publish updates that eliminate these flaws, but if you do not implement them, you remain vulnerable to malware.
Travel exposes your devices to more risk, so it’s a good idea to check that your operating systems, anti-virus and web browsers are updated before you leave the office.
Enjoy the break!
Life in the ever-changing world of IT is rarely dull and can be stressful. Everyone deserves a break. But damaging data loss is no-one’s idea of a good time. Educating users on out of the office security best practices helps to ensure that it’s just the people, not the systems, that experience some downtime…..
Travis Greene Identity Solutions Strategist Micro Focus
