As the holidays approach, many remote workers, already at higher risk of cyberattacks, will be traveling, booking vacation trips to visit family and friends. This is likely to exacerbate IT teams’ anxiety about cybersecurity, already heightened by the pandemic and its aftereffects. In a survey conducted by the Ponemon Institute, 65% of IT and security professionals said they found it easier to protect an organization’s sensitive information when staff were working in the office.
Whether employees are working from home, at a conference, or even on vacation, security pitfalls abound. The fact is that with every remote worker, an organization’s attack surface grows. Some employees let their cyber guard down while working from home. For others, traveling leads to exhaustion and bad decisions, including taking safety shortcuts. This is a problem when 76% of CEOs admit they bypass security protocols to get things done faster.
While technology has made significant strides in protecting us from ourselves, working remotely can quickly backfire if we don’t take basic cybersecurity precautions. This article covers a variety of security best practices for remote work and travel. Obviously, not all advice applies to all situations. That said, it’s crucial to understand your current and future environment, assess your relative risk, and take steps to protect your credentials, devices, and sensitive data.
Here are some tips to help you improve your security posture while working or traveling remotely.
Do this first: Lock your SIM card
Whether or not you travel, lock your SIM card. SIM hijacking (also called SIM swapping, unauthorized porting, or “lockout”) is a real, unreported crime in which threat actors impersonate you, contact your wireless service provider, and “port” your SIM card to “your” (really their) “new phone.” Imagine someone stealing your entire life online, including your social media accounts.
In other words, your phone number is now theirs. All your password resets now run through the threat actor. Considering how many work credentials, social media accounts, and apps go through your phone number, the nightmare of this crime quickly becomes apparent. If you haven’t already, lock your SIM card with your wireless provider.
Here’s some information about Verizon’s “Number Lock” feature.
Cybersecurity Tips for Remote Workers and Travelers
Back up everything all day, every day. If you travel, leave your backup at home or in the cloud.
Use a password-protected WPA-enabled Wi-Fi network (ideally WPA3).
Create a strong password (with uppercase and lowercase letters, special characters, and multiple characters). Never store passwords on your person or on the phone, even in the notes section. Ideally, your employer should use a password manager, but most likely they do not. According to the SpecOps 2022 Weak Password Report, 54% of companies do not use a password manager. Even more concerning, 48% of organizations do not have user verification for IT service desk calls.
Patch and update all the devices you’re using, including apps. Do the same for browsers and everything else you’re running on those devices. In August 2022, Apple spread the word that threat actors could take control of unpatched versions of iPads, iPhones, and Macs. Make sure everything is up to date when you enter an unfamiliar environment.
Here’s how to update all the apps on your iPhone and iPad if you don’t have them set to update automatically, all at once:
Go to the App Store.
In addition to updating and patching everything, make sure browsers have strong security settings, especially when you’re away from your home office. If you don’t want to mess with settings, consider downloading Mozilla Firefox Focus and making it your go-to browser. Firefox Focus by default purges the cache after each use, leaving zero breadcrumbs to exploit.
Use two-factor authentication (2FA) everywhere and with everything. When choosing how to receive the authentication code, always opt for the token instead of the text, as it is much more secure. At Black Hat 2022, a Swedish research team demonstrated exactly how insecure text authentications are. If a hacker has your login credentials and phone number, text-based authentication simply won’t protect you.
Update your Zoom software. Ivan Fratric, a security researcher at Google Project Zero, demonstrated how a bug in an earlier version of Zoom (4.4) allowed remote code execution by exploiting XMPP code in Zoom’s chat feature. Once the payload was activated, Fratric was able to forge messages. In other words, he was able to impersonate anyone you work with. What can go wrong?
Safety and travel: Leaving the office at home
Whether they’re headed to Starbucks, Las Vegas, or abroad, digital nomads need to pack light. Leave unnecessary devices at home. Take only the essentials to get the job done without compromising your entire personal history. Bring a laptop lock to lock your computer at any workstation, as IBM instructs its traveling employees. Also, invest in a physical one-time password (OTP) authenticator. Some companies, like Google, require employees to use them. Employees can’t access anything without the physical device.
Leave sensitive data at home. Please do not bring devices that contain personally identifiable information (PII) or confidential company documents. Do you use a particular laptop for online banking and signing mortgage documents? Leave it at home. Do you want to take your work computer on vacation? Reconsider. What happens to your career if company secrets fall into the wrong hands? Of course, you’re expected to take your laptop on a business trip, but just make sure it’s free of your personally identifiable information.
Use RFID blockers to protect your passport and credit cards from “contactless crime.” While contactless payments are convenient at grocery stores and tollbooths, they can be quite problematic within the range of threat actors employing radio frequency identification (RFID) scanners. An RFID scanner in the wrong hands allows hackers to simply walk past a group of people and unmask the identifiable information on the card.
The simple way to protect against this is to use RFID blockers (basically, card envelopes or “sleeves”) that protect payment cards, room keys and passports from radio frequency attacks or theft. There are now entire categories of wallets, bags, and purses that integrate RFID-blocking technology. Fortunately, newer RFID chips make carrying out this kind of attack much more difficult, but not impossible.
Consider using a privacy screen for your laptop and phone.
When traveling somewhere fraught with security risks, turn off Wi-Fi, Bluetooth, and Near Field Communication (NFC) on your phone, tablet, and laptop. Funny things can happen when traveling to China or even to an unsecured Starbucks.
Choose a password-protected access point on the hotel’s Wi-Fi. If you must use hotel Wi-Fi, pair it with a VPN.
Be careful with Bluetooth devices like your remote mouse, keyboard, and AirPods.
Use a VPN wherever you go. According to Cloudwards, 57% of respondents say they don’t need a VPN for personal use and 22% say they don’t need one for work.
Encrypt text messages, chats, and other communications using Telegram, Signal, or another encryption-based communication platform. Assume third parties are reading anything sent through unencrypted apps.
As you can see, most cybersecurity when traveling comes down to preparation in advance. Like everything else related to security, it is essential to keep systems, software and browsers up to date and patched. When traveling abroad, understand that not every place enjoys the same freedoms. Know where you are going and what the local privacy laws are.
In short, keep a low profile when working remotely or traveling. Don’t put yourself at risk or take any unnecessary chances.
Roy Zur is CEO of ThriveDX Enterprise Division.