Consider this before taking your next trip: When traveling for business, you are more likely to get hacked than to get mugged, according to a recent report.
Are you among the rapidly growing group of professionals - like lawyers, IT professionals, financial advisors or executive search consultants - who stay connected with their job while on an extended weekend or a vacation trip?
Then you potentially put your organization at risk every time you fire up your notebook or tablet computer in an airport lounge, hotel room or beach restaurant.
Don’t be the one employee whose carelessness opens the door for online crooks. October is National Cybersecurity Awareness Month, so here's to cybersecurity awareness while traveling:
The following eight simple precautions will help you protect yourself and your company against data breaches when accessing the web while traveling:
- Before connecting over WiFi, verify the access point you are going to use. Prefer those that are protected with a password.
Did you ever hear about “rogue access points”? These are public networks with official-sounding labels like “Guest Connect”, “Conference WiFi” or “Official [...] WiFi”, but they were set up by crooks to lure in unsuspecting mobile workers and tourists. Such “bait spots” may pop up on your screen in coffee shops or around convention centers and hotel neighborhoods.
The victims wouldn’t know. They get connected to the Internet as expected. But in the background, all their data, passwords, access code, emails… - is intercepted by the attacker first, and then passed on to the location’s real access point.
Even encrypted information may be intercepted and decoded by the attackers this way. Read all about how it works and what to watch out for in our in-depth blog post: Stealing data over WiFi is easier than you think.
Tip: Don’t use public WiFi at all, unless with a secure browser like Silo (see tip # 8). Instead, use the hotspot feature of your smartphone, if available.
- Access only websites that can provide an encrypted connection to communicate with your browser.
This security feature will be indicated by a padlock icon displayed in the browser, next to the URL of the page you are visiting. It is becoming standard for servers that require you to log in or that handle sensitive data, like shopping or banking portals.
Note that more major hotel chains have been impacted by large-scale data breaches over the past two years, due to a woeful lack of information security in the hospitality, meetings, and events industry. If your attempt to access the hotel web results in an “outdated security certificate” or the likes, better heed the warning, forget the whole thing and pick a safer place to connect.
- Speaking of which - you better totally avoid connecting to your online banking, work email or employer portal account on open networks and from shared computers.
Most advanced cyber schemes designed to steal sensitive personal information or critical business data rely on a widely cast net of malware and “bots”. Logging in from a remote Greek island doesn’t mean the password of a vacationing lawyer is safe from hackers in China who have their eyes already set on her New York City-based law firm.
In public places, beware of shoulder surfers.“Shoulder surfing”, also referred to as “visual hacking”, is a tried-and-true method of crooks to gain unauthorized access to computer networks and bank accounts. Learn why from 3M’s whitepaper on its “visual hacking experiment” [PDF].
Like four-digit PIN numbers at the ATM, passwords that are too short and simple are easy to glean and memorize for anyone within line of sight. Shield your keyboard when entering your login on a website, on your laptop while waiting at the airport or on your iPad while enjoying a gelato in an outdoor cafe at a crowded tourist destination.
You didn’t notice anyone leaning over from the neighboring table? At many tourist destinations, it’s good to keep in mind that binoculars are cheap. Travelers are frequently snooped on from 2nd-floor apartments right across the street - rented by criminal gangs just for that purpose.
Beware the hotel business center.In July of 2016, journalist Robert McGarvey (###) bemoaned The Death of the Hotel Business Center on his blog.
“Understand this,” he wrote: “[B]usiness centers, many of them, are radically dangerous to your data security. They can be every bit as bad as public WiFi.” McGarvey describes why hotel business centers are infested with malware like keyloggers (spyware to steal your passwords), and quotes Authentic8’s Co-founder and CEO Scott Petry with this advice:
“Just don’t use a hotel business center.”
- If you absolutely must use a public or shared computer, in the hotel’s business center or the frequent flyer club, use the browser’s “Settings” menu to delete any cookies, browsing history and cache items before and after your session.
- On a shared or public computer, like in a hotel lounge or in an AirBnB pad, make sure to log off from each site yourself by clicking the “Logout” button.
Here’s why: Social media platforms like Facebook, Twitter or LinkedIn will do everything to keep you “engaged”. Per design, that includes keeping the computer logged in, even after you thought you finished the session. The next person at the computer may use the opportunity to change your login and then send scam emails to all your Facebook friends or co-workers back home.
- Follow this advice from the Air Ambulance Card blog: “If you are a business person and must log in, consider a service like Authentic8.”
We couldn’t have said it better, except for adding that Authentic8’s Silo, the most secure browser available, will protect you even when skipping one or more of items 1 through 7 on this short list.
Regular browsers fetch and process content (including malicious code) from the web onto your computer or mobile device. This opens the door for ransomware or spyware that secretly logs your passwords.
With Silo, the virtual browser, no code from the web - good or bad - ever touches your computer. Silo launches in the cloud, where it processes all web content in a secure container.
Web pages are transmitted back to your computer as display information - pixels - only, via a fast encrypted connection. When you’re done, your “disposable browser” in the cloud simply self-destructs, leaving no trace of the web session behind.