Summer is here and the long-awaited vacations are just around the corner – at last! When travelling to a new destination there are many precautions one needs to take, especially in these strange post-Covid times. Airport delays, baggage loss, cancelled flights, mask rules changing while in the air etc… besides, of course, making sure that someone waters the plants while you are away. As much as we want to leave work behind when we activate that auto-reply and go on vacation, there are certain Out of Office risks and cybersecurity issues that we need to keep in mind when we go on vacation.
Theft or loss of suitcase can mean data loss
There is nothing as frustrating as being a victim of pickpockets or your suitcase getting lost during transit. We don’t always think of Out of Office risks in relation to our vacations. If you are, like many of us, travelling with company email on your phone or company laptop during your vacation (just in case) then that can mean the risk of data loss. Not to mention the personal data loss. There is also the risk of sensitive data being leaked, as a result of the theft.
Here are several precautions you can make to avoid data loss in case your bags get stolen or lost:
- Make sure to back up all your files before leaving.
- Leave the company computer at home and uninstall the corporate email from your phone – if possible.
- Activate services such as “Find my iPhone” or “Find my phone” on your mobile devices. You can then remotely erase all your data if they get lost or stolen. You will suffer a data loss if you haven’t taken back ups, but this will prevent data from being leaked.
- Always pack your computers, smartphones and medicine in the carry-on bag.
Beware of public access points
Although convenient, especially when on vacation, we need to be wary of the risks of public access points. This means free WiFis, public computers in the hotel lobby, and even public USB charging ports.
- Free WiFi points can often be insecure or even set up by hackers to inject your devices with spyware or ransomware. If you need to use public WiFi, make sure that it is offered by a reputable services such as cafés or your hotel. It is always a good rule to use a VPN when utilizing public WiFi.
- Public computers in lobbies and internet cafés are generally not safe for any sensitive use. They are often not well maintained and could be infected with spyware or keyloggers that can record the passwords to your accounts.
- Although convenient, public USB charging ports that are available in hotels, airports, and cafés pose a risk. They have been reported to extract data or inject malware into phones and tablets. Make sure to charge your devices with proper chargers, not through charging stations, because the convenience is not worth the risk!
It’s not enough to be wary of phishing emails when at work! The nature of vacations and travelling means that we are often juggling several bookings at the same time. Phishing emails stating that your booking has been changed, upgraded or cancelled are examples of vacation phishing emails. Note that the hackers don’t necessarily know anything about your traveling plans. They simply send these emails out to thousands of people hoping that some of them actually have bookings and will react to an urgent message.
Those emails typically require you to click a link that will redirect you to a webpage that might inject your computer with malware, ask for your payment information or ask you to log in to fix something. Check our short video on how to recognize phishing emails to learn more.
Phishing may be the first step for hackers to gain access to important systems, such as your company’s information systems. There are several steps you can do to guard yourself against phishing attacks:
- Be wary of emails that require an immediate response or initiate a sense of urgency to click a link to gain more information or ask for your passwords to prevent your booking to be cancelled.
- Check whether the email comes from the services that you booked, but not from someone like firstname.lastname@example.org or email@example.com.
- Check whether the links you’re asked to click on are actually redirecting to the official booking website by hovering over them.
- Never use office email accounts to organize your travels and make sure that you have strong password practices and utilize different passwords for different accounts.
Knowledge is power
Sharing is caring but also an Out of Office risk. It is safest to share your vacation news and photos after your travels! It’s not because it will make your colleagues and friends jealous of you having a fantastic time. But rather that by sharing the fact that you’re travelling you could be making both your home and workplace a target for criminals.
Burglars have increasingly been utilizing social media to figure out their next target. Sharing too much on social media can make your home vulnerable because burglars know when you’re not at home.
But how does sharing your vacation on social media become an out-of-office risk? Never assume that your account is completely secure. If a hacker has already gotten a foothold to your email or is somehow lurking in your company’s systems, they might use the knowledge that you – or someone else within your workplace – is travelling, to strike. For example they could request an urgent transfer of money because of an overdue invoice. Or ask your colleagues to send you money, in your name, claiming that you got robbed while one vacation.
Out of Office replies
It is a good habit to have an out-of-office autoreply. This tells customers and colleagues that you won’t be responding. However, there are Out of Office risks to think about. Always redirect your clients and colleagues to someone else in case of urgency. A simple “I am out of office until 30th of July and will not be reading nor responding to any business emails until then. In case of urgency, please contact Johnathan Post, at Jonathan.firstname.lastname@example.org” can minimize the risk. That way customers and colleagues are informed. If they start getting replies or strange emails from your account, they will be wary. It also means that you’ve committed to not check your email until after your vacation. A win-win situation for everyone, right?
Enjoy your vacation safely!
With some simple precautions, you can minimize the Out of Office risks and enjoy a cybersecure vacation without worries! Good security habits around passwords, knowledge about phishing attacks and “find my device” services will create peace of mind. Likewise, make sure to back up both your work files and personal files regularly, especially before you go on vacation or travel for work.
Safe travels and have fun!