Nowadays, vacation-bound business people are just as likely to throw gadgets & chargers into their suitcases as flip-flops and sunscreen. With Cloud adoption and the popularity of Bring-Your-Own-Device (BYOD) – this can inadvertently increase digital risk for businesses.
The biggest risk is having your gadget fall into the wrong hands whilst you are away. We’ve all heard stories of colleagues having their valuables stolen while they sat on a beach waiting for hotel check-in to open. But you don’t have to travel around the world to lose a device – in any year, some 25k gadgets are lost on London transport alone! If a threat actor gains access to your laptop's corporate data and email functionality their opportunities for cyber-attacks could be limitless. Data exfiltration, phishing and financial fraud are some of the most common and damaging results.
Companies that support BYOD or simply allow staff to travel with devices, should enforce strict reporting processes and have procedures in place to remotely wipe devices. As a final line of defence, encrypt local data or use full disc encryption (FDE) to reinforce your security.
Loaning out your phone or laptop to other family members could prove dodgy too. According to Google, they prevented 1.2 million bad applications from being listed on their official Android app store in 2021 alone. Inevitably, they simply can’t prevent every app that harvests data from unwitting users or spreads malware from being listed – even though they are quick to remove reported apps. Keeping your smartphone away from enthusiastic button-pushers has never been more important.
Be a beach bum, not a breach bum
Using your phone or laptop whilst you are away can also expose you to the risk of an unsecured WIFI connection, particularly if you don’t use Virtual-Private-Network (VPN) technology to protect access to sensitive data. When accessing your business Cloud apps, make use of their multi-factor authentication features. Travellers can sometimes be obliged to download applications they weren’t expecting to. Restaurant and taxi booking and public transport ticketing apps make vacations smoother, but don’t fall into the trap of re-using a ‘favourite’ password when you set up credentials. If you’ve had a favourite password at any time in your career, it’s almost certainly been exposed in a historic breach.
If your business knows you can’t get a day’s tanning done without checking your email, get staff to be extra vigilant when responding to your emails. Get them to verify instructions using alternative communications methods and treat correspondence from supply chain partners with caution. And finally, avoid setting an out-of-office message that will signal a green light to cybercriminals, telling them you're away.
Stepping up your outer defences is a great way to ensure you are prepared for attacks being planned when staff are absent. Gaining visibility of chatter in Dark Web forums can also help provide an early warning about planned attacks, alerting your company if they are being discussed by threat actors or if stolen credentials are being sold.
… and for those staff left behind to run your operations while the rest are sipping margaritas? Our partners at 2Tela have assembled a handy checklist to get your organisation ready for the holiday season.