Top employee cybersecurity tips for remote work and travel | Tech US News


Check out the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiency by improving and scaling citizen developers. look now.

With the holidays approaching, many remote workers, already at increased risk of cyberattacks, will be traveling by booking holiday trips to visit family and friends. This will likely exacerbate IT teams’ anxiety about cybersecurity, already exacerbated by the pandemic and its side effects. In a Ponemon Institute survey, 65% of IT and security professionals said they found it easier to protect an organization’s sensitive information when staff worked in the office.

Whether employees are working from home, at a conference, or even on vacation, security concerns abound. The fact is that with every remote worker, an organization’s attack surface grows. Some employees let their cyber guard down while working from home. For others, traveling leads to fatigue and poor decision-making, including safety shortcuts. This is a problem when 76% of CEOs admit to bypassing security protocols to get something done faster.

While technology has made significant strides in protecting us from ourselves, working remotely can quickly go south if we don’t take basic cybersecurity precautions. This article covers a number of security best practices for remote work and travel. Obviously, not all advice applies to all situations. That said, it’s critical to understand your current and future environment, assess your relative risk, and take steps to protect your credentials, devices, and sensitive data.

Here are some tips to improve your security posture while working remotely or traveling.


Smart Security Summit

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies on December 8. Sign up for your free pass today.

Sign up now

Do this first: lock your SIM card

Trip or no trip, lock your SIM card. SIM grabbing (or SIM swapping, unauthorized porting, or “slamming”) is a real, underreported crime where threat actors pretend to be you, contact your wireless provider and ” port’ your SIM card to your (your) ‘new phone’. Imagine someone stealing your entire online life, including your social media accounts.

In other words, your phone number is now theirs. Now all your passwords are reset via threat actor When you consider how many work credentials, social media accounts, and apps go through your phone number, the nightmare of this crime quickly becomes apparent. If you haven’t already done so, lock your SIM card with your wireless provider.

Here is some information about Verizon’s “Number Blocking” feature.

Cybersecurity tips for remote workers and travelers

Back up all day, every day. If you’re traveling, leave your backup at home or in the cloud.

Use a password-protected Wi-Fi network that is WPA-enabled (ideally WPA3).

Create a strong password (with uppercase and lowercase letters, special characters, and multiple characters in length). Never store passwords on your person or phone, even in the notes section. Ideally, your employer uses a password manager, but they likely aren’t. According to SpecOps’ 2022 Weak Passwords Report, 54% of companies don’t use a password manager. Even more concerning, 48% of organizations do not have user verification for IT help desk calls.

Patch and update every device you’re using, including apps. Do the same for browsers and anything else you’re running on those devices. In August 2022, Apple announced that unpatched versions of iPads, iPhones, and Macs could essentially be taken over by threat actors. Make sure everything is up to date as you step into an unfamiliar environment.

Here’s how to update all the apps on your iPhone and iPad if you don’t have them set to update automatically, all at once:


Go to the app store.
Click on “Applications”.
Click Account (top right).
Click “Update All”.

In addition to updating and patching everything, make sure browsers are running strict security settings, especially when you’re away from your home office. If you don’t want to fiddle with settings, consider downloading Mozilla Firefox Focus and making it your travel browser. Firefox Focus deletes the cache by default after each use, leaving zero browsing crumbs.

Use two-factor authentication (2FA) everywhere and with everything. When choosing how to receive your authentication code, always choose token over text, as it is much more secure. At Black Hat 2022, a Swedish research team demonstrated exactly how insecure text authentications are. If a hacker has your login credentials and your phone number, text-based authentication simply won’t protect you.

Update your Zoom software. Ivan Fratric, a Google Project Zero security researcher, demonstrated how a bug in an earlier version of Zoom (4.4) allowed remote code execution by exploiting XMPP code in Zoom’s Chat feature. Once the payload was activated, Fratric was able to spoof the messages. In other words, he was able to impersonate the person you work with. What could go wrong?

Security and travel: Leave the office at home

Whether it’s for Starbucks, Las Vegas or abroad, digital nomads should pack light. Leave unnecessary devices at home. Take only the essentials to do your job without compromising your entire personal history. Bring a laptop lock to lock your computer at any workstation, as IBM instructs its traveling employees. Also, invest in a physical one-time password (OTP) authenticator. Some companies, such as Google, require employees to use them. Employees cannot access anything without the physical device.

Leave sensitive data at home. Do not bring devices that contain personally identifiable information (PII) or confidential company documents. Do you use a particular laptop for online banking and signing mortgage documents? Leave it at home. Want to take your work computer on vacation? reconsider What happens to your career if company secrets fall into the wrong hands? Of course, you’re expected to take your laptop on a business trip, but just make sure it’s free of your personal information.

Use RFID blockers to protect your passport and credit cards from “contactless crime.” While contactless payments are convenient at grocery stores and toll booths, they can be quite problematic for threat actors using radio frequency identification (RFID) scanners. An RFID scanner in the wrong hands allows hackers to simply walk past a group of people and unmask the ID card information.

The simple way to protect against this is to use RFID blockers (basically card envelopes or “sleeves”) that protect payment cards, room keys and passports from radio frequency or skimming attacks. There are now entire categories of wallets, purses, and wallets that integrate RFID technology. Fortunately, more modern RFID chips make it much more difficult, but not impossible.

Consider using a privacy screen for your laptop and phone.

When traveling to a security-heavy location, turn off Wi-Fi, Bluetooth, and Near Field Communication (NFC) on your phone, tablet, and laptop. Funny things can happen when traveling to China or even an unsecured Starbucks.

Choose a password-protected access point via the hotel Wi-Fi. If you must use hotel Wi-Fi, link with a VPN.

Be wary of Bluetooth devices like your mouse, keyboard, and remote AirPods.

Use a VPN wherever you want. According to Cloudwards, 57% of respondents say they don’t need a VPN for personal use and 22% say they don’t need one for work.

Encrypt text messages and chats and other communications using Telegram, Signal, or another encryption-based communication platform. Assume third parties are reading unencrypted applications.

Wrapping up

As you can see, most of cybersecurity when traveling involves front-end preparation. Like everything security-related, it’s critical to keep your systems, software, and browsers up-to-date and patched. When traveling abroad, understand that not all places are home to the free. Know where you’re going and what your local privacy laws are.

In short, keep a low profile when working remotely or traveling. Don’t take unnecessary risks or risks.

Roy Zur is CEO of ThriveDX’s business division.

VentureBeat’s mission is to be a digital town square for technical decision makers to learn about transformative business technology and transact. Discover our Briefings.


Source link

Please disable your adblocker or whitelist this site!