Cyber criminals are also looking forward to your holidays!
Whether on vacation or on a business trip, employees who travel are unfortunately often careless. This starts with online bookings and extends to out-of-office e-mails, the handling of work mobile phones and e-mailed payment instructions from the supposed boss. But even a few simple principles can provide more security on (business) trips.
Meeting new people, a different landscape outside the window, and even the bath towel doesn't smell like home: getting away is always a good thing – (almost) no matter whether it's a holiday or a business trip. But it also always means a security gap. While most people check the windows three times before they leave home to make sure they are really locked, they usually don't secure their Internet alter ego the same way – creating loopholes for cyber criminals.
It is hardly surprising that people concentrate on things other than digital security before they go on holiday or on a business trip. However, this should not mean that all the security measures that would otherwise apply are forgotten. Being on the road interrupts everyday routine, which is why non-routine measures are needed as well.
Always book through trustworthy providers!
Often employees book their business trips themselves and settle the costs later. Fraudsters know this – and take advantage of it by pretending to be travel agencies or creating websites on which they lure customers with discounts for hotel rooms, flights and rental cars.
Just a few basic rules can help raise employee awareness:
- Companies should set policies and procedures for booking travel, including which booking agencies and travel sites to use. This can be enforced, for example, by not reimbursing bookings made through other channels.
- Employees should be instructed to ignore travel discounts received via unsolicited emails – and not click on any links. It makes more sense to go to trusted websites directly by entering the URL in the browser window or by calling a verified telephone number – and asking whether the offer received is legitimate.
- Credit cards offer protection mechanisms that bank transfers and debit cards, for example, don't have – making them the best option for online payments. A separate credit card used only for this type of booking makes sense. Don't give in to discounts for alternative payment methods: they are not worth the lower security.
Packing: as much as necessary, as little as possible!
For a private holiday, most people only pack the essentials – one shirt less, the small shower gel, a Kindle instead of books. This principle should also apply to mobile devices and personal data on business trips: devices that contain sensitive company data should, as far as possible, remain at home. Travelers should also minimize the number of credit cards and other personally identifiable items such as driver's licenses and office access cards.
Companies whose employees travel to countries known for spying on sensitive data should consider providing them with disposable phones and special travel laptops whose hard drives are regularly formatted.
No absence mail with concrete data!
An out-of-office mail is also there to happily inform others that you are enjoying a holiday. Or, in the case of business trips, that there will be no answer for the time being – not out of bad faith, but because you are not reading your e-mail.
The problem with a detailed out-of-office mail in both cases is that cyber criminals learn that someone will not return from the Balearic Islands or Frankfurt until 23 June. They then know exactly how long they can use that identity. The main targets of such hacks are people who work with sensitive data or have an influence on business processes, such as accounting, human resources or management. (See also: "Trust is good – control…you already know".)
The work phone is not feeling well at the pool!
Apart from the questionable relaxation value of lying at the pool with your work phone: company equipment that has to be taken on trips (see also: "Packing: as much as necessary, as little as possible") should be stored safely. If you leave devices in the hotel room, they belong in the safe. A stolen or lost device can cause massive problems, for example if sensitive data is on it. This can quickly have costly consequences, both financially and for the company's reputation.
Beware of open WLANs!
Of course, it is practical to quickly secure your window seat for the return flight from a café or answer a few more e-mails – but you should definitely be aware of the possible security risks associated with open-access Wi-Fi.
A few basic rules are already helpful here:
- "Mainstation WiFi" sounds trustworthy – but before using it, it's important to make sure that it's really a legitimate WLAN. A reputable-sounding name does not automatically mean the network is genuine: fake networks are relatively easy to set up.
- Anyone surfing in an open WLAN should avoid using password-protected accounts if possible – and refrain from any financial transactions at all.
- The safest way is to connect to an open WLAN via a VPN (Virtual Private Network), which offers an additional security and encryption layer.
- The function to automatically connect to open networks should always be deactivated because it makes the mobile phone more vulnerable to attacks.
- If in doubt, it is better to use the mobile network than the WLAN. Even a laptop can work without WLAN if you set up a hotspot with your smartphone.
At futurezone.at you can find a few more tips on this topic.
Trust is good – control is… you know…
Everyone in the company trusts a CEO or someone else at management level (up to a certain point) – and therefore also the messages that this person sends. Fraudsters increasingly exploit this by impersonating the company's CEO (see also: "No absence mail with concrete data"), who, for example, urgently orders a payment from his business trip. Or they use similar pretexts to get employees to pass on credentials for sensitive data areas – a classic phishing or social engineering attack, which even large companies fall for.