Security Tips as Summer Travel Heats Up
Julia Weifenbach
“Safe travels!” It’s been a long time since most of us have uttered that phrase. Now we’re saying it with increasing regularity as family members, friends and colleagues are traveling again with greater ease and confidence. I’d like to suggest that when those of us in the security industry wish someone a safe trip, we use the opportunity to remind them of the increased cybersecurity risk they now face and share our expertise for how to protect themselves.
The threat landscape has escalated over the past two years between the pandemic and the evolving geopolitical environment. With more people working remotely, the attack surface has grown significantly. Additionally, everyone is using new applications on their laptops and phones – some portion of which haven’t been vetted and sanctioned by IT departments. Organizations can’t protect individuals that are working “off platform” (i.e., using personal systems not provided by work).
Threat actors are using these devices and unprotected or vulnerable applications to infiltrate the networks of organizations to commit cybercrime and wreak havoc. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to conduct fraud. According to the FBI, business email compromise (BEC) and email account compromise scams—targeting small businesses to larger corporations, and personal transactions—surpassed $43 billion globally in 2021, and can be at least partially attributed to more people conducting business virtually. And one study finds that 88% of data breaches are caused by human error.
This is why, as travel resumes, it’s important that we raise awareness of what we can each do to help mitigate risk. Here are five areas to consider.
- Strengthen passwords and use MFA. Simple passwords are easy for hackers to crack, and password reuse opens the door for them to compromise additional accounts and gain access to your confidential information. Create long and unique pass-phrases for each account, change them frequently, particularly after you return from a trip, and use multifactor authentication (MFA) wherever possible. If this starts to get cumbersome and hard to keep track of, use password managers to generate and remember different, complex passwords for each of your accounts.
- Use public WiFi with caution. Public WiFi doesn’t provide the same levels of protection as your WiFi at home or the online network provided by your employer. In fact, some public WiFi systems don’t even require a password to log on. This makes it easy for threat actors to spy on you and access your private information such as bank account passwords and credit card details. To reduce your exposure, limit the activities you engage in while on public WiFi, periodically disconnect and reconnect, and completely log out when you’re done.
- Update applications and systems. Technology vendors are doing their best to keep users safe, issuing patches and updates regularly. Stay current with these security settings by turning on automatic application updates when available, for example with Microsoft and Google Chrome, and then shut down systems every night and enable updates when prompted. This applies to phones and other smart devices too. Accept the automatic system updates when prompted and keep phones plugged in and turned on at night to process updates during less busy times.
- Download apps from official stores. It’s fun to try out new games and other apps while traveling but be savvy about sources that provide apps for download. Google and Apple vet applications and ensure they meet privacy and security requirements, so stick to apps and games that are available in these stores instead of downloading them from sites you don’t know, trust or haven’t interacted with before.
- Think before you click. Losses from email scams and ransomware continue to rise. These attacks often leverage phishing and social engineering to manipulate people into transferring funds or providing financial information, or trick them into clicking on malicious links or attachments. Instead of rushing through emails, be mindful of what you are receiving and from whom. Hover over links to see if they resemble legitimate addresses and watch for spelling and grammatical errors and generic greetings, which can indicate the email is malicious. If in doubt as to the legitimacy of an email, delete it or call the colleague who appears to have sent the email to verify its authenticity.
These simple tips are second nature to those of us in the cybersecurity industry, but don’t assume family members, friends and colleagues are equally security savvy. As they start to travel again and you wish them “safe travels”, take the opportunity to educate them so they can better protect their data and online activities while they’re on the road.