We all wait for the summer to take some time off, unwind and recharge. And while summertime might be downtime for you, that’s not the case for cyber-attacks, which are increasing in an alarming rate: from the most recent ransomware attack using the WannaCry computer worm, which crippled operations worldwide, to sophisticated nation-state activities, attacks directly on banks such as the SWIFT attack, and new areas such as the DDoS attacks using IoT botnets.
When you let your hair down, don’t let your cybersecurity guard down!
Diligence and good safety habits are important because the consequences of ignoring them, such as opening a malicious attachment or clicking on a link, can shut down your workplace’s entire operations or provide a way to penetrate into one of your large clients, like in the Target breach.
Therefore, since it’s important to remain diligent and protect your sensitive information even when you’re away from the office, we’ve outlined a list of tips:
Your pre-vacation checklist:
1. Update your operating system, applications and antivirus on all your devices to make sure that any known exploits are patched by the latest security fixes.
2. Back up your data to prevent losing information if your device gets lost, stolen or damaged (from a spilled drink or rough ride). Also, clean up the data saved on your device and erase any sensitive or redundant files that aren’t necessary while you’re away.
3. Stay away from public charging points. By merely plugging your device into an unknown USB port, you are susceptible to malicious software downloads. On this note, to avoid the risk of a malware infection, never insert or upload any foreign media – USB sticks, flash drives, CDs or DVDs.
4. Ensure your devices are password-protected to secure your devices and deny access to sensitive information that is stored on websites and apps. Also, consider setting a limit on the password attempts on your devices.
As you pack your sunscreen, don’t forget about your cybersecurity hygiene:
1. Pay attention to links you click and attachments you open. To avoid becoming a victim of a phishing attack, be aware of suspicious emails, unknown and shady email addresses, unusual requests for passwords and sensitive information, etc. Also, with the rise in ransomware attacks, be extra diligent when clicking on links and downloading attachments.
2. Stay away from unsecure Wi-Fi. This includes free networks in airports. A seemingly legitimate open network with the airport’s name or “Airport Wi-Fi” can turn out to be a rogue one set up by a hacker. Once you connect to such a network, the hacker can carry out a Man-in-the-Middle (MitM) attack and intercept all your communications, extracting passwords and accessing your email and social media accounts, as well as any other personal information you might be revealing while online. To stay better protected, stick to the secured Wi-Fi in the hotel or purchase a data plan from your cellphone carrier and use a personal hotspot.
3. Browse in HTTPS mode. This way any communication between your browser and the website is encrypted, enabling you to type personal information such as credit cards, passport numbers, etc., and preventing hackers from intercepting.
4. Use a VPN. If you access corporate information, use a virtual private network (VPN) to protect your data, so that even if the Wi-Fi network gets compromised, the data will still be protected in the absence of access to the decryption key.
5. Be careful about Bluetooth connections. If you use Bluetooth connections, for example when you rent a car or use the hotel’s amenities, make sure you delete the data when you disconnect because sometimes information from your smartphone remains stored on the connected device even after the connection has been terminated. Also, if your mobile device has Bluetooth enabled, any Bluetooth network can connect to your device without requiring confirmation. As a result, a hacker can connect to your device unbeknownst to you and install malware or steal information. Check your connectivity settings to require confirmation, or disable the Bluetooth connection if you do not need it.
6. Use public computers with caution. If you need to print something out while you’re away, assume that anything you do can be traced. Make sure to log out of websites and delete the history and any downloads. Also, do not log on to websites that require usernames and passwords in case the computer has been hacked and has a keylogger installed that can capture your passwords and other sensitive information.
7. Stay diligent for physical loss or damage. With all the virtual aspects, your devices are equally exposed to getting lost or stolen, so it’s important to practice caution. Don’t leave them unattended while charging; lock them in your room’s safety box (using a password that is not a generic 1234, or 1111). Additionally, install apps, such as “Find My iPhone” that can locate them if lost or stolen, and wipe their data remotely in the event of theft. You can also download apps such as “iGotYa” and “Lockwatch” that catch the thief on camera and upload the criminal’s photo to the cloud.
Summertime is a great time to be out of the office, enjoying the long days and good weather. You may let your hair down and relax, but stay on guard when it comes to your IT habits so that your time in the sun remains fun.