Ron Sharon

Cybersecurity and Technology Leader

Keven Moore: Try these cyber security tips to protect sensitive business information when using public wifi

This article originally appeared on Source link

There was a time early in my career when I could leave the house and take a business trip leaving work behind while traveling on a plane, only to land and have my pager go off, forcing me to run to a nearby payphone to catch up with your work issues.    

Payphones are a thing of the past. In fact, if you want a good laugh, try showing a picture of a payphone to a Gen Z’er and ask them what it is?  

(Image from Wikimedia Commons)

Today we are all interconnected, either by cellphone, email, text messaging or social media, and on-call 24/7 even when traveling at 30,000 feet. Safety while traveling used to mean securing your purse or wallet, or credit card, avoiding shady motels, and crime-infested areas. That’s all still important. But traveling safely today also means protecting yourself when using public Wi-Fi.

When I think back on the number of times I jumped on a computer in a hotel’s business center without an ounce of concern, it brings chills. I didn’t realize back then that hackers could have used malware to steal my password after logging into my work email or checking a balance on one of my bank accounts.   
 
Today you must guard your computer, tablet, or mobile device as your online passport. You’d never leave your passport or wallet lying around in a restaurant, airport or hotel lobby giving others access to your personal information. But by using unsecured public Wi-Fi while you travel, you could be exposing data that could make your online accounts vulnerable and put you at risk for identity theft. 

Today more than ever, organizations face heightened cybersecurity risks when their employees are traveling on business. Business travelers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices. 

Business travelers’ laptops, smartphones, and tablets are particularly vulnerable to data breaches, loss, and theft. According to research from Morning Consult on behalf of IBM Security, more than 1 in 7 travelers have had their personal information stolen on the road or abroad.   

Hotel lobbies with public wifi are an ideal location for hackers looking for vulnerable targets (Photo from Wikimedia Commons)

Some common cyber threats that business travelers may encounter include publicly accessible hotel computers — 64% of business travelers have used their login credentials to access accounts on public and hotel computers. Public computers often lack sufficient security capabilities and may be infected with malware just waiting to steal your information. Hotels specialize in hospitality not information security.  

Remember there is no guarantee that the person who set up the hotel’s business center or WIFI system actually installed, turned on, and updated the security features. It’s not their information that they are protecting, and they don’t have a vested interest in protecting your information.

Hackers are finding innovative ways to gain unauthorized access to personal information or company data. However, one of the simplest ways to do so is through an unsecured Wi-Fi network. According to IBM X-Force Incident Response and Intelligence Services (IRIS), 84% of business travelers connect to public Wi-Fi networks. While convenient, public Wi-Fi networks are unsecured and can allow cybercriminals easier access to connected devices — as well as the data stored on them — than private Wi-Fi networks. 

When a Wi-Fi hotspot is unsecured, that means the data you transmit or receive is unprotected. Anybody on the same network could spy on your information if they have the know-how. If you do decide to use free public Wi-Fi, be careful about the types of sites you visit. It’s safest not to log in to any sites that require a password.

Keven Moore works in risk management services. He has a bachelor’s degree from the University of Kentucky, a master’s from Eastern Kentucky University and 25-plus years of experience in the safety and insurance profession. He is also an expert witness. He lives in Lexington with his family and works out of both Lexington and Northern Kentucky. Keven can be reached at kmoore@higusa.com

Theft or loss of your electronic devices is a major threat to business travelers, as this can result in the exposure of important data. Devices could be lost or stolen in airports, hotel lobbies, conference rooms or rental cars.  

Neglecting cybersecurity when employees are on the road or abroad can be harmful and costly to any business or organization. The cost of data breaches is rising rapidly, increasing 10% year over year according to the 2021 CyberSecurity Ventures report. According to the latest data breach report by IBM and the Ponemon Institute, the cost of a data breach in 2021 is US$ 4.24 million, which is a 10% rise from the average cost in 2019 which was $3.86 million.

Here are some countermeasures employers can implement to minimize cybersecurity risks for business travelers:

Establish Wi-Fi policies. First and foremost, employers should have policies in place requiring employees to confirm the network name and precise login procedures with the appropriate staff before connecting to public Wi-Fi networks in airports or hotels. Sensitive activities, such as banking or confidential work-related projects, should not be conducted on public Wi-Fi networks. Employers should provide periodic refresher training to their employees. Auto-connect should also be disabled so devices don’t connect to Wi-Fi networks automatically. 

Conduct physical security training for digital valuables. Most travelers let their guards down once they arrive at their destination, but that can be one of the times they’re most susceptible to theft. Employers should encourage business travelers to never leave their devices unattended. Employees should also be instructed to utilize strong passwords or multifactor authentication capabilities, if possible, and lock devices in hotel safes upon leaving their rooms. 

Swap passwords. Encourage your employees to change their passwords before traveling. If somebody needs to log in to accounts with sensitive information — like social media, banking, or email accounts — have them switch to a new, complex password before leaving, and then have them change them again when you get home.

Enforce Virtual Private Network (VPN) use. Via a VPN, all online traffic is routed through an encrypted virtual tunnel. Such a network reduces the risk of cyberattacks by establishing a secure connection between users and the internet. Employers should create VPNs and require employees to utilize these networks whenever possible, especially during business travel.

Encourage employees to pack minimal devices. Leaving unnecessary technology at home can help reduce the chance of theft or data loss. As such, employers should only permit employees to bring devices that are essential to completing their job duties on the road or abroad.

Require regular software updates. Cybercriminals typically look for security flaws in outdated software. Updates are sent out to patch any holes in the software and reduce the opportunity for cybercriminals to attack. Employees should be required to update the software on all their devices regularly. 

Establish response plans. Employers should have specific response plans that outline steps to take when devices containing confidential information are compromised, lost, or stolen on the road and abroad. Business travelers often carry sensitive personal and work-related data on various electronic devices, leaving them susceptible to cyberattacks. It’s important to remain on guard when traveling to best protect your personal and business safe and secure.  

Remember there are hundreds if not thousands of hackers out there who want to go shopping with your credit cards.  

Be Safe My Friends!