Essential Cyber Security Tips for Travelling this Summer
It’s summer, time to get away, relax by the pool, spend time with family, and forget about work... right?
The reality is, that for many people, it is difficult to switch off and leave it all behind, especially for owners and managers of small to medium businesses, and in our interconnected world, business travel is a common necessity.
However, this combination of work and travel presents professionals and their businesses with unique cyber security risks, and implementing robust security measures while on the move is crucial to protecting sensitive data and maintaining operational integrity.
So, let us take a look at some of the ways in which you can keep both your business and personal data secure when travelling.
Managed Endpoint Detection & Response
Did you know that, according to statistics, traditional Anti-Virus is only 30-50% effective against modern cyber threats? In reality, our security reports have recently shown that traditional antivirus would have protected against less than 25% of modern threats. Furthermore, more than 97% of cyber attacks could have been prevented if businesses had modern and comprehensive solutions in place to protect against them. Unlike traditional antivirus, which only monitors for known threats, Endpoint Detection and Response uses AI and Machine Learning to monitor for unusual, suspicious and malicious activity and actively prevent it from causing harm.
Use Strong Passwords and Multi-Factor Authentication (MFA)
One password, one service—that is the rule that everyone should abide by. It is essential that users ensure that all their devices are protected with strong, unique passwords and utilise multi-factor authentication (MFA) for online accounts wherever possible. MFA adds an additional layer of security, making it harder for unauthorised individuals to gain access to corporate accounts. Many services are also beginning to support passkeys, the next evolution of account security, which combines both the benefits of ultra strong passwords, MFA, and biometric authentication under a single solution.
Encrypt Sensitive Data
Data encryption across all your devices should be an essential part of your data protection policies. Full disk encryption can secure data stored on laptops and mobile devices, ensuring that even if a device is lost or stolen, the information remains inaccessible without the proper decryption key.
Avoid Public Wi-Fi
Public Wi-Fi networks, such as those in airports, cafés, and hotels, are notoriously insecure. Cyber criminals can easily intercept data transmitted over these networks through man in the middle attacks, or intercept data on these networks. Whenever possible, use a personal hotspot or a portable Wi-Fi device or find a way to secure your internet traffic across those networks. If you must use public Wi-Fi, ensure it is secured and avoid accessing or transmitting sensitive information.
Use a Virtual Private Network (VPN)
One way to secure your internet traffic across public Wi-Fi networks, and keep your data protected, is to use a VPN solution. The use of a VPN encrypts your internet connection, protecting your data from interception and eavesdropping.
These can come in a few different forms:
Private VPN: A private VPN creates a secure and encrypted tunnel back to your home or business, providing you with a secure connection as if you were back in the office, even providing you with access to the files, and resources you would have available in the office.
Proxy VPN: Proxy VPNs are services that allow you to secure your internet traffic by routing it to a secure location anywhere in the world. It is, however, important to ensure that if you use a Proxy VPN service, it is from a reputable provider that does not track internet traffic that runs through its service, and that it is enabled whenever you connect to the internet, particularly over public networks.
Physical Security Measures: Be Careful of the Ducks!
Okay, not real Ducks, but those may be dangerous too but for different reasons. Rubber Dicky’s are malicious little USB devices have the ability to launch a cyber attack on your devices just by plugging them in. It is important to avoid using unknown or unsecured USB drives.
Solutions such as application and device Ringfencing uses AI and Machine Learning to understand what devices are being used for, what they are attempting to access and if they are attempting to perform a task that they shouldn’t.
For example: A USB Rubber Ducky could execute code, pretending to be a keyboard, that writes a command that attempts to copy files from your device and upload them to the cloud. Whereas Application & Device Ringfencing understands that a USB device you have just plugged in should not be performing those actions, and it blocks the actions it is trying to perform.
Keep your devices with you. Never leave your devices unattended in public places.
If you must leave your device in a hotel room or other temporary location, ensure that the screen is locked, and ideally use an industry standard secure lock or room safe to minimise the risk of theft.
Avoid OMG Moments
Always be cautious when using public charging points, especially those with preinstalled cables. Much like the USB Rubber Ducky, the OMG Cable, which looks like your average USB or USB-C cable, is capable of loading malware directly on to insecure devices. In recent years, attackers have also developed faceplates for public charging ports with similar technology that can launch an attack over your own cable. When charging in public spaces, it is advised to use QI wireless charging, your own battery bank, or your own plug and cable in a standard wall outlet to minimise risk.
Regular Security Awareness and Training
It is essential that employees throughout your company receive regular training on the latest cyber security threats and best practices, such as those listed in this article. Awareness of phishing attacks, suspicious links, insecure public wi-fi, the importance of strong passwords, and secure handling of sensitive data (especially when travelling) is crucial.
Incident Response Plan
Having a clear incident response plan in place ensures that all key personnel know the steps to take if they suspect a security breach, including who to contact, how to report the incident, mitigation measures, and much more. We help businesses put these plans in place, however, it is important that multiple people throughout the business have access to these procedures in the event of a breach and that everyone knows the escalation process.
Implementing these security measures and best practices reduces the risk of data breaches and cyber attacks when you or your employees are travelling.
How can we support your business when travelling?
At TwentyFour IT Services, we can provide support for business personnel who require 24/7/365 support, working with businesses around the globe to keep them operating when they need it most, constantly keeping guard against the latest evolving cyber threats.
However, it is important to consider that incorporating these cyber security practices into your travel routine can significantly mitigate risks and safeguard both personal and corporate information.
Staying vigilant and informed about potential threats ensures that business operations remain secure and uninterrupted, providing a seamless and productive travel experience.
If you would like to find out more about our 24/7/365 Support and Security Services, fill out the form below.