Join on-demand sessions at the Low Code/No Code Summit to learn how to successfully innovate and increase efficiency by improving and scaling civilian developers. look now
As the holidays approach, many remote workers, who are already at increased risk of cyberattacks, will be traveling and booking vacations to visit family and friends. This could add to IT teams' concerns about cybersecurity, which have already been exacerbated by the pandemic and its aftermath. In a survey conducted by the Ponemon Institute, 65% of IT and security professionals said they find it easier to protect an organization's confidential information when employees are in the office.
Whether employees are working from home, at a conference, or even on vacation, there are many security pitfalls. The fact is that with each remote employee, the organization's attack surface increases. Some employees are undermining their cybersecurity by working from home. For others, the journey leads to fatigue and poor decision-making, including shorting the safety path. It's a problem when 76% of executives admit to bypassing security protocols to get things done faster.
While technology has made great strides in protecting us from ourselves, working from home can quickly turn sour if we don't take basic cybersecurity measures. This article covers a number of security best practices for remote work and travel. Of course, not all advice is appropriate for all situations. However, it is important to understand your current and future environment, assess your relative risk, and take steps to protect your sensitive credentials, devices, and data.
Here are some tips to help you stay safer when working remotely or traveling.
incident
Intelligence and Security Summit
On December 8, learn about the critical role of AI and machine learning in cybersecurity and industry case studies . Sign up for a free pass today .
Do this first: Lock your SIM card.
To go or not to go block SIM SIM copying (or SIM swapping, unauthorized transfer or "slapping") is a real crime and is not reported. If the attackers impersonate you, contact your operator and "get" your (them) SIM card. Imagine someone stealing your entire online life, including your social media accounts.
In other words, your phone number is now theirs. All of your password resets are now performed by an attacker. With the number of business accounts, social media accounts and apps running on your phone number, the nightmare of this crime is quickly becoming apparent. If you haven't already done so, have your mobile operator block your SIM card.
Here is some information about Verizon's number blocking feature.
Cybersecurity tips for remote and mobile workers
Book all day, every day. When you're on the go, keep a backup at home or in the cloud.
Use a password-protected WiFi network that supports WPA (ideally WPA3).
Create a strong password (with upper and lower case letters, special characters and multiple characters). Never keep passwords to yourself or on your phone, even in the notes area. Ideally, your employer should use a password manager , but chances are they won't. According to the SpecOps 2022 Weak Password Report, 54% of organizations do not use a password manager. It is alarming that 48% of organizations do not have user authentication for IT help desk calls.
Repair and update all the devices you use, including apps. Do the same for browsers and anything you use on those devices. In August 2022, Apple announced that unreleased versions of the iPad, iPhone, and Mac could be hacked. Make sure everything is up to date when entering an unfamiliar environment.
To update all apps on your iPhone and iPad at once if they don't update automatically:
In addition to updating and patching everything, make sure your browsers have strong security settings especially when you're away from home. If you don't want to mess with the settings, you should download Mozilla Firefox Focus and make it your travel browser. By default, Firefox Focus clears the cache after each use and leaves no breadcrumbs for use.
Use two-factor authentication (2FA) everywhere, for everything. When choosing how to get a password, always choose a symbol instead of text as it is much more secure. At Black Hat 2022, a Swedish research team showed how dangerous text-based authentication is. If a hacker has your credentials and phone number, SMS authentication simply won't protect you.
Update your Zoom software. Ivan Fratric, a security researcher at Google Project Zero, showed how a bug in an earlier version of Zoom (4.4) allowed remote code execution using XMPP code in Zoom's chat function. Once the payload is activated, Fratric can spoof messages. In other words, he can impersonate anyone you work with. What could go wrong?
Security and Travel: Leaving the home office
Whether it's at Starbucks, Las Vegas or abroad, digital nomads need to be able to raise money with ease. Leave unnecessary equipment at home. Keep only what you need for work without risking all of your personal history. Take a laptop lock with you to lock your computer at each workstation, as IBM instructs its field workers. Also, invest in a physical one-time password (OTP) authenticator. Some companies, like Google, require their employees to use them. Employees can't access anything without a physical device.
Leave confidential information at home. Do not carry devices that contain personally identifiable information (PII) or sensitive company documents. Do you use a specific laptop for online banking and mortgage underwriting? leave it at home Want to take your work computer with you on vacation? change of mind. What happens to your career if company secrets fall into the wrong hands? Of course, you should take your laptop with you on business trips, but make sure it doesn't contain personal data.
Use RFID blockers to protect your passport and credit cards from "contactless crime". While contactless payments are convenient in grocery stores and payment booths, they can be quite problematic in the realm of threats that use radio frequency identification (RFID) scanners. An RFID scanner in the wrong hands allows hackers to simply walk past a group of people and reveal the card's identity information.
An easy way to protect against this is to use RFID blockers (basically card sleeves or "sleeves"), which protect payment cards, room keys and passports from RF or skimming attacks. There are now entire categories of wallets, purses, and wallets that use RFID technology. Fortunately, more modern RFID chips make it much more difficult, but not impossible, to eliminate this hijacker.
Consider using a privacy screen for your laptop and phone.
When traveling in a high-risk area, turn off Wi-Fi, Bluetooth and Near Field Communication (NFC) on your phone, tablet and laptop. Funny things can happen when you travel to China or even an unsecured Starbucks.
Choose a password-protected hotspot instead of the hotel WLAN. If you must use hotel WiFi, connect to a VPN.
Be careful with Bluetooth devices such as remote mice, keyboards and AirPods.
Use VPN wherever you are. According to Cloudwards, 57% of respondents say they don't need a VPN for personal use, and 22% say they don't need one for work.
Encrypt text messages, chats and other communications with Telegram, Signal or any other encryption-based communication platform. Suppose third parties play unencrypted programs.
package
As you can see, most cybersecurity when traveling requires advance preparation. As with anything security-related, it's very important to keep your systems, software and browsers up-to-date and patched. If you travel abroad, you know that there is not always a free house. Know where you're going and what local privacy laws apply.
Therefore, be careful when working or traveling long distances. Do not take risks or take unnecessary risks.
Roy Suhr is the CEO of ThriveDX Corporate .
VentureBeat's mission is to become a public digital space where technology decision makers can learn about disruptive technologies and business transactions. Check out our newsletter.