BradEgeland.com
  • Welcome
  • Blog
  • Expertise
  • Resume
  • Software / Service Reviews
  • Contact
  • Videos
  • Books / White Papers
  • Mentoring Contact Form
  • Awards/Recognition
  • Templates & Downloads
  • Clients
  • Professional Services
  • Past Survey Results

Cybersecurity Tips for Remote Work and TravelNovember 22nd, 2022

11/22/2022

0 Comments

 
With the holidays approaching, many remote workers, already at heightened risk of cyberattacks, will be traveling booking holiday travel to visit family and friends. This will likely exacerbate IT teams’ anxiety about cybersecurity, already heightened by the pandemic and its aftereffects. In a survey by the Ponemon Institute, 65% of IT and security professionals said they found it easier to protect an organization’s confidential information when staff were working in the office.


Whether employees are working from home, a conference or even vacation, security pitfalls abound. The fact is that with every remote worker, an organization’s attack surface grows larger. Some employees let their cyber guard down while working from home. For others, traveling leads to tiredness and poor decision-making, including taking security shortcuts. This is a problem when 76% of CEOs admit to bypassing security protocols to get something done faster. 



While technology has made significant strides in protecting us from ourselves, working remotely can quickly go south if we don’t take basic cybersecurity precautions. This article covers a range of security best practices for remote work and travel. Obviously, not every tip applies to every situation. That said, it is crucial to understand your current and future surroundings, assess their relative risk and take steps to protect your credentials, devices and confidential data.


Here are some tips to help improve your security posture during remote work or travel.


EVENT

Intelligent Security Summit


Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today
Register Now


Do this first: Lock your SIM card 

Trip or no trip, lock your SIM card. SIM-jacking (or SIM-swapping, unauthorized port-out or “slamming”) is a real and underreported crime where threat actors pretend to be you, contact your wireless provider and “port over” your SIM card to your (their) “new phone.” Imagine someone stealing your entire online life, including your social media accounts.

In other words, your phone number is now theirs. All your password resets now run through the threat actor. Considering how many work credentials, social media accounts and apps run through your phone number, the nightmare of this crime quickly becomes evident. If you haven’t already done so, lock down your SIM card with your wireless provider.

Here is some information on Verizon’s “Number Lock” feature.

Cybersecurity tips for remote and traveling workersBack everything up all day, every day. If traveling, leave the backup at home or in the cloud.

Use a password-protected WPA-enabled Wi-Fi (ideally WPA3) network.

Create a strong password (with upper and lower case letters, distinctive characters, and several characters long). Never store passwords on your person or on the phone, including in the notes section. Ideally, your employer should be using a password manager, but chances are they’re not. According to SpecOps’ 2022 Weak Password Report, 54% of businesses do not use a password manager. Even more troubling, 48% of organizations don’t have user verification for calls to the IT service desk.

Patch and update every device you are using, including apps. Do the same for the browsers and everything else you’re running on those devices. In August 2022, Apple put out the word that unpatched versions of iPads, iPhones and Macs could be essentially taken over by threat actors. Make sure everything is current as you step into an unfamiliar environment.

Here’s how to update every app on your iPhone and iPad if you don’t have them set to automatically update — all at once:

iPhone

Go to the app store.

Click on “Apps.”

Click on Account (upper right).

Click “Update All.”

In addition to updating and patching everything, make sure browsers are running strict security settings, especially when outside your home office. If you don’t want to mess with settings, consider downloading Mozilla Firefox Focus and making it your travel browser. Firefox Focus defaults to purging the cache after every use, leaving behind zero breadcrumbs to exploit.

Use two-factor authentication (2FA) everywhere and with everything. When choosing how to receive the authentication code, always opt for token over text as it’s much more secure. At Black Hat 2022, a Swedish research team demonstrated exactly how insecure text authentications are. If a hacker has your login credentials and phone number, text-based authentication simply won’t protect you.

Update your Zoom software. Ivan Fratric, a security researcher with Google Project Zero, demonstrated how a bug in an earlier version of Zoom (4.4) allowed remote code execution by exploiting the XMPP code in Zoom’s Chat function. Once the payload was activated, Fratric was able to spoof messages. In other words, he was able to impersonate anyone you work with. What could go wrong? 

Security and travel: Leaving the home office

Whether headed to Starbucks, Las Vegas or overseas, digital nomads should pack lightly. Leave unneeded devices at home. Take just the essentials to get your job done without compromising your entire personal history. Bring a laptop lock to lock your computer to any workstation, as IBM instructs its traveling employees. Also, invest in a physical one-time password (OTP) authenticator. Some companies, like Google, require employees to use them. Employees cannot access anything without the physical device.

Leave sensitive data at home. Don’t bring devices containing personally identifiable information (PII) or confidential company documents. Do you use a particular laptop for online banking and signing mortgage docs? Leave it at home. Want to take your work computer on holiday? Reconsider. What happens to your career if company secrets fall into the wrong hands? Of course, taking your laptop on a business trip is expected, but just make sure it’s free of your personally identifiable information.

Use RFID blockers to shield your passport and credit cards from “contactless crime.” While contactless payments are convenient at grocery stores and toll booths, they can be quite problematic within range of threat actors employing radio frequency identification (RFID) scanners. An RFID scanner in the wrong hands allows hackers to simply walk past a group of people and unmask identifiable card information.

The simple way to guard against this is to employ RFID blockers (basically card envelopes, or “sleeves”) that protect payment cards, room keys and passports from radio frequency attacks, or skimming attacks. There are now entire categories of wallets, bags and purses integrating RFID technology. Fortunately, more modern RFID chips make pulling off this caper much more difficult — but not impossible.

Consider using a Privacy Screen for your laptop and phone.

When traveling to a security-fraught location, turn off Wi-Fi, Bluetooth and Near Field Communication (NFC) on your phone, tablet and laptop. Funny things can happen when traveling to China or even an unsecured Starbucks. 

Choose a password-protected hotspot over hotel Wi-Fi. If you must use hotel Wi-Fi, pair with a VPN. 

Be wary of Bluetooth devices like your remote mouse, keyboard and AirPods.


Use a VPN everywhere you go. According to Cloudwards, 57% of respondents say they don’t need a VPN for personal use, and 22% say they don’t need one for work.

Encrypt text messages and chats and other communication by using Telegram, Signal or another encryption-based communication platform. Assume third parties are reading unencrypted apps.

Wrapping upAs you can see, most cybersecurity when traveling involves front-end preparation. Like everything else security-related, it’s crucial to keep systems, software and browsers updated and patched. When traveling abroad, understand that not everywhere is home of the free. Know where you’re going and what their local privacy laws are.

In summary, keep a low profile when working remotely or traveling. Don’t take any chances or unnecessary risks.

Roy Zur is CEO of ThriveDX’s enterprise division.

0 Comments



Leave a Reply.

    Author:

    Picture

    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author.  He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/menoring? Contact him.

    Picture
    Picture
    Picture
    Picture
    Picture
    Picture

    RSS Feed

    Archives

    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    July 2011
    June 2011
    May 2011
    March 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    June 2010
    May 2010
    April 2010
    March 2010
    November 2009

    RSS Feed

Powered by Create your own unique website with customizable templates.