Cybersecurity blog Cybersecurity blog
Out of Office Risks: Vacation and Cybersecurity
Facebook Twitter LinkedIn

Out of Office Risks: Vacation and Cybersecurity

blank
Sindri Bergmann
6 min read ∙ Jun 15, 2021
blank

Summer is here and the long-awaited vacations are just around the corner – at last! When traveling to a new destination there are many precautions one needs to take, especially in these strange post-Covid times. Airport delays, baggage loss, cancelled flights, mask rules changing while in the air etc… besides, of course, making sure that someone waters the plants while you are away. As much as we want to leave work behind when we activate that auto-reply and go on vacation, there are certain vacation and cybersecurity issues that we need to keep in mind.

Like many of us, traveling with company email on your phone or laptop during your vacation can mean the risk of data loss.

Theft or Loss of Suitcase Can Mean Data Loss 

There is nothing as frustrating as being a victim of pickpockets or your suitcase getting lost during transit. We don’t always think of cybersecurity risks in relation to our vacations. If you are, like many of us, traveling with company email on your phone or company laptop during your vacation (just in case) then that can mean the risk of data loss. Not to mention the personal data loss. There is also the risk of sensitive data being leaked, as a result of the theft.

Here are several precautions you can make to avoid data loss in case your bags get stolen or lost: 

  • Make sure to back up all your files before leaving.
  • Leave the company computer at home and uninstall the corporate email from your phone – if possible.
  • Activate services such as “Find my iPhone” or “Find my Phone” on your mobile devices. You can then remotely erase all your data if they get lost or stolen. You will suffer a data loss if you haven’t taken back ups, but this will prevent data from being leaked.
  • Always pack your computers, smartphones and medicine in the carry-on bag.

Beware of Public Access Points

Although convenient, especially when on vacation, we need to be wary of the risks of public access points. This means free WiFis, public computers in the hotel lobby, and even public USB charging ports. 

Man on computer in cafe using free wifi. This is a vacation and cybersecurity risk.
  • Free WiFi points can often be insecure or even set up by hackers to inject your devices with spyware or ransomware. If you need to use public WiFi, make sure that it is offered by a reputable services such as cafés or your hotel. It is always a good rule to use a VPN when utilizing public WiFi.
  • Public computers in lobbies and internet cafés are generally not safe for any sensitive use. They are often not well maintained and could be infected with spyware or keyloggers that can record the passwords to your accounts.
  • Although convenient, public USB charging ports that are available in hotels, airports, and cafés pose a risk. They have been reported to extract data or inject malware into phones and tablets. Make sure to charge your devices with proper chargers, not through charging stations, because the convenience is not worth the risk! 

Vacation and Cybersecurity Phishing

It’s not enough to be wary of phishing emails when at work! The nature of vacations and traveling means that we are often juggling several bookings at the same time. Phishing emails stating that your booking has been changed, upgraded or cancelled are examples of vacation phishing emails. Note that the hackers don’t necessarily know anything about your traveling plans. They simply send these emails out to thousands of people hoping that some of them actually have bookings and will react to an urgent message.

Those emails typically require you to click a link that will redirect you to a webpage that might inject your computer with malware, ask for your payment information or ask you to log in to fix something. Check our short video on how to recognize phishing emails to learn more.

Phishing may be the first step for hackers to gain access to important systems, such as your company’s information systems. There are several steps you can do to guard yourself against phishing attacks:

  • Be wary of emails that require an immediate response or initiate a sense of urgency to click a link to gain more information or ask for your passwords to prevent your booking to be cancelled. 
  • Check whether the email comes from the services that you booked, but not from someone like noreplybookingofficial@gmail.com or urgentbookinginformationnoreply@yahoo.com.
  • Check whether the links you’re asked to click on are actually redirecting to the official booking website by hovering over them.
  • Never use office email accounts to organize your travels and make sure that you have strong password practices and utilize different passwords for different accounts.

Knowledge is Power

Man on beach at sunset sharing vacation on social media through smartphone.

Sharing is caring but also a vacation and cybersecurity risk. It is safest to share your vacation news and photos after your travels! It’s not because it will make your colleagues and friends jealous of you having a fantastic time. But rather that by sharing the fact that you’re traveling you could be making both your home and workplace a target for criminals.

Burglars have increasingly been utilizing social media to figure out their next target. Sharing too much on social media can make your home vulnerable because burglars know when you’re not at home. 

Hacker or burglar watching man on vacation through social media on a smart phone. Sharing on social media is a vacation risk.

But how does sharing your vacation on social media become a vacation and cybersecurity risk? Never assume that your account is completely secure. If a hacker has already gotten a foothold to your email or is somehow lurking in your company’s systems, they might use the knowledge that you – or someone else within your workplace – is traveling, to strike. For example they could request an urgent transfer of money because of an overdue invoice. Or ask your colleagues to send you money, in your name, claiming that you got robbed while one vacation. 

Out of Office Replies

It is a good habit to have an out-of-office autoreply. This tells customers and colleagues that you won’t be responding. However, there are vacation and cybersecurity risks to think about. Always redirect your clients and colleagues to someone else in case of urgency.

A simple “I am out of office until 30th of July and will not be reading nor responding to any business emails until then. In case of urgency, please contact Johnathan Post, at Jonathan.post@company.is” can minimize the risk. That way customers and colleagues are informed. If they start getting replies or strange emails from your account, they will be wary. It also means that you’ve committed to not check your email until after your vacation. A win-win situation for everyone, right?

Enjoy Your Vacation Safely!

With some simple precautions, you can minimize the vacation and cybersecurity risks and enjoy a cyber-secure vacation without worries! Good cybersecurity habits around passwords, knowledge about phishing attacks and “find my device” services will create peace of mind. Likewise, make sure to back up both your work files and personal files regularly, especially before you go on vacation or travel for work.

Safe travels and have fun!

blank
Sindri Bergmann
6 min read ∙ Jun 15, 2021

Become cyber secure

You and your employees are going to love AwareGO. It’s a modern, cloud-based system for managing human risk, from assessment to remediation. We’ve made it super easy — schedule your first assessment or training in minutes.

Get started for free and give it a go right now.

You’ll love the way AwareGO can fit into your existing infrastructure. Our robust APIs, widgets, and content available in SCORM format make sure that the integration is seamless. We also integrate with Active Directory, Google Workspace, and popular tools like Slack and Teams.

Contact us and our experts will recommend the best way to integrate.

Upgrade your cybersecurity business by adding human risk management to your existing portfolio of services. Increase your deal size by leveraging Human Risk Assessment or offering Security Awareness Training to your current customers and creating a new revenue stream.

Contact us to become an AwareGO partner, and we will support you every step of the way.

Join top companies worldwide in the mission to make workplaces cyber-safe

Get started free
blank blank blank blank blank blank blank blank blank blank