As global travel restrictions continue to ease this summer, many will wander to new destinations. Recent research anticipates that 208 million American adults (80.84 percent) plan to travel this summer with more than 20 percent of those planning to travel internationally. While this is a positive forecast for the travel and hospitality sector, for cybersecurity, it presents a host of potential risks. Insecure WiFi connections and personal device usage, to name a few.
As malicious activity proliferates and cybercriminals become more discrete and persistent with their attack methods, organizations and their employees must be vigilant at all times, unfortunately even when on vacation. Simply checking company emails on a personal device while connected to public WiFi at a café or airport could have massive repercussions for an organization. Employees must always take precautions, as cybercriminals will be looking to exploit organizations during employee downtime. While it is best to completely avoid bringing your corporate devices on vacation, fortunately, there are measures that we can all take to reduce our risk of falling victim to an attack while working from unfamiliar locations.
Update Software and Backup your device
Before jetting off on vacation, make sure that all devices, both corporate and personal, are running on the latest versions of software. This will ensure that all known and discovered software vulnerabilities are patched and resolved which will ultimately help minimize your attack surface. Before you leave home make sure to take a full backup of your device to ensure if your device is lost or is encrypted with ransomware you have a good backup to be able to restore and recover.
Always Log Out
Millions of devices are lost and stolen during travel season each year. While in transit, it is good practice to continually log out of all devices, websites, and applications. This will ensure that, should anyone gain access to your devices, they will not have a free pass to any sensitive information.
Utilize Multi-Factor Authentication Where Possible
While the use of Multi-Factor Authentication (MFA) should be a daily practice both personally and professionally, its significantly more important while in transit. Enable MFA everywhere possible — on emails and cloud and SaaS applications or even social media accounts. This adds an extra layer of protection should an attacker crack a weak password or access an unlocked device. If you think about passwords as the lock on a door, MFA acts like the deadbolt. The cybercriminal needs to obtain the key for both locks to gain access.
Avoid Public WiFi Where Possible
Although difficult, users should also avoid using public Wi-Fi network without VPNs when traveling, where possible. Best practice is always using your personal mobile network hotpot. If you are using public WiFi, be aware of suspicious ads, be a least privilege user while browsing and always assume your data is being monitored.
Be Overly Cautious with Hyperlinks
When not protected by an organization’s on-premise perimeters while traveling, it is critical that employees remain highly vigilant when receiving any messages or emails with a hyperlink attached. Before clicking on any links, a user should ask themselves, do I know the person who is sending it or do I trust this website? Many of these links will be malware or spyware, designed to steal or access personal data. Before clicking, stop and think. Check the email and see if anything looks off, such as easy spelling/grammar errors and fuzzy graphics. Hold your cursor over any link to make sure the destination matches and looks legitimate before clicking on it.
While this is by no means an exhaustive list, implementing these small cybersecurity tips while traveling and working in remote and foreign destinations will significantly reduce your likelihood of becoming the next victim of an attack.
Joseph Carson is Chief Security Scientist and Advisory CISO at Delinea.