Five safety rules for holiday trips
It's no secret that many office workers go on holidays to travel and take a laptop or a smartphone with them to, for example, show funny video to relatives, or to capture, as they celebrate a holiday in other cities. But using a laptop or smartphone on a trip, they often unwittingly expose themselves and their companies to numerous risks. What is the interest of traveling employees are for intruders, and how to protect yourself?
The answer to this question is quite simple - it’s enough just to understand what the attackers will be able to do with the company's intellectual property if they can steal one from a personal device belonging to the victim.
Theft of technical product specifications, investment plans, analytical documentation for mergers and acquisitions, marketing plans or other similar information can not only lead to loss of income or loss of market positions, but also to much more detrimental consequences. Moreover, even more large-scale consequences are possible, for example, trade wars or an economic blockade, disruption of passenger or freight traffic using malicious code and cyber attacks.
')
To gain valuable information, hackers can use sophisticated and high-tech tools to steal intellectual property at the time it is transferred by an employee from a potentially unprotected phone, tablet, or laptop. Today, no one will be surprised by cyber attacks targeting hotel chains . The attackers are quite capable of infecting the hotel's computer network with malicious code in order to steal information from the guests' devices. Or attack a poorly protected home Wi-Fi network of relatives who were visited by an employee on holidays.
Fortunately, companies can help their employees who intend to spend their holidays away from home protect themselves from these and other digital threats. In particular, this can be achieved by adopting a number of security measures on the equipment used by employees, as well as by instructing on the need to follow standard digital security rules.
Here are five basic safety rules for business people who travel on holidays, as well as for the organizations in which they work:
1. Implement multi-factor authentication technology (MFA)
In its data leakage investigation report for 2017 (2017 Data Breach Investigations Report, DBIR), Verizon Enterprise reports that in 81% of all data leaks, attackers used stolen or weak passwords to launch an attack. Organizations can help their employees protect themselves from such leaks if they implement a multi-factor authentication policy (MFA). Such measures will help protect corporate accounts in the event that attackers manage to get a password from a traveling employee’s corporate account.
2. Use access control policies
Employees who find themselves out of the office on holidays may need access from their mobile devices to corporate resources located in the cloud. Companies can see that only authorized users will have access to such intellectual property in the cloud if they implement access control policies that regulate access to cloud applications depending on a number of different factors, including geolocation data, the type of device, and the nature of the requested data.
3. Encrypt your private data.
With enough motivation, attackers can find a way around the corporate access control system and get private corporate data at their disposal. Companies can protect themselves from such a scenario by implementing data encryption . Such measures should include encryption of data at rest (that is, ensuring data security, no matter where it is stored), as well as data encryption during their movement (that is, data protection at the time of their transfer over the network).
4. Turn off Bluetooth and refrain from accessing open Wi-Fi networks.
To intercept data from traveling members of the business community, attackers can connect to public Wi-Fi networks or launch attacks against Bluetooth enabled devices. In order not to get into the networks of intruders, employees should work only in secure Wi-Fi networks and, if possible, disable Bluetooth on their devices during the trip. In addition, they should consider using a VPN connection for search queries, as well as a corporate VPN solution implemented by the company to access any business system.
5. Update software in a timely manner.
Attackers know that employees are far from always timely updating the software on their devices. As a result, they can create malicious code that exploits the remaining open vulnerability. Therefore, before going on vacation, employees are advised to install all available updates. And when they return home, they should check for new updates and scan their computers for viruses and malicious code.
Ensure the information security of traveling employees of your company, apply best practices to protect data and holidays will not be overshadowed by serious consequences for your data. Holiday greetings!
The answer to this question is quite simple - it’s enough just to understand what the attackers will be able to do with the company's intellectual property if they can steal one from a personal device belonging to the victim.
Theft of technical product specifications, investment plans, analytical documentation for mergers and acquisitions, marketing plans or other similar information can not only lead to loss of income or loss of market positions, but also to much more detrimental consequences. Moreover, even more large-scale consequences are possible, for example, trade wars or an economic blockade, disruption of passenger or freight traffic using malicious code and cyber attacks.
')
To gain valuable information, hackers can use sophisticated and high-tech tools to steal intellectual property at the time it is transferred by an employee from a potentially unprotected phone, tablet, or laptop. Today, no one will be surprised by cyber attacks targeting hotel chains . The attackers are quite capable of infecting the hotel's computer network with malicious code in order to steal information from the guests' devices. Or attack a poorly protected home Wi-Fi network of relatives who were visited by an employee on holidays.
Fortunately, companies can help their employees who intend to spend their holidays away from home protect themselves from these and other digital threats. In particular, this can be achieved by adopting a number of security measures on the equipment used by employees, as well as by instructing on the need to follow standard digital security rules.
Here are five basic safety rules for business people who travel on holidays, as well as for the organizations in which they work:
1. Implement multi-factor authentication technology (MFA)
In its data leakage investigation report for 2017 (2017 Data Breach Investigations Report, DBIR), Verizon Enterprise reports that in 81% of all data leaks, attackers used stolen or weak passwords to launch an attack. Organizations can help their employees protect themselves from such leaks if they implement a multi-factor authentication policy (MFA). Such measures will help protect corporate accounts in the event that attackers manage to get a password from a traveling employee’s corporate account.
2. Use access control policies
Employees who find themselves out of the office on holidays may need access from their mobile devices to corporate resources located in the cloud. Companies can see that only authorized users will have access to such intellectual property in the cloud if they implement access control policies that regulate access to cloud applications depending on a number of different factors, including geolocation data, the type of device, and the nature of the requested data.
3. Encrypt your private data.
With enough motivation, attackers can find a way around the corporate access control system and get private corporate data at their disposal. Companies can protect themselves from such a scenario by implementing data encryption . Such measures should include encryption of data at rest (that is, ensuring data security, no matter where it is stored), as well as data encryption during their movement (that is, data protection at the time of their transfer over the network).
4. Turn off Bluetooth and refrain from accessing open Wi-Fi networks.
To intercept data from traveling members of the business community, attackers can connect to public Wi-Fi networks or launch attacks against Bluetooth enabled devices. In order not to get into the networks of intruders, employees should work only in secure Wi-Fi networks and, if possible, disable Bluetooth on their devices during the trip. In addition, they should consider using a VPN connection for search queries, as well as a corporate VPN solution implemented by the company to access any business system.
5. Update software in a timely manner.
Attackers know that employees are far from always timely updating the software on their devices. As a result, they can create malicious code that exploits the remaining open vulnerability. Therefore, before going on vacation, employees are advised to install all available updates. And when they return home, they should check for new updates and scan their computers for viruses and malicious code.
Ensure the information security of traveling employees of your company, apply best practices to protect data and holidays will not be overshadowed by serious consequences for your data. Holiday greetings!
Source: https://habr.com/ru/post/345504/
All Articles