Summer is here and the long-awaited vacations are just around the corner – at last! When travelling to a new destination there are many precautions one needs to take, especially in these strange times of Covid-19. Masks, hand sanitation, PCR testing, besides of course making sure that someone waters the plants while you are away. As much as we want to leave work behind when we activate that auto-reply and go on vacation, there are certain Out of Office risks and cybersecurity issues that we need to keep in mind when we go on vacation.
Theft or lost suitcase can mean data loss
There is nothing as frustrating as being a victim of pickpockets or your suitcase getting lost during transit. If you are like many of us, travelling with company email on your phone or company laptop during your vacation (just in case) then that can mean the risk of data loss. Not to mention the personal data loss. It is also the risk that sensitive data could be leaked, as a result of the theft.
Here are several precautions you can take in case of theft or lost suitcase:
- Make sure to back up all your files before leaving.
- Leave the company computer at home and uninstall the corporate email from your phone – if possible.
- Activate services such as “Find my iPhone” or “Find my phone” on your mobile devices. You can then remotely erase all your data if they get lost or stolen. You will suffer a data loss if you haven’t taken back ups, but this will prevent data from being leaked.
Beware of public access points
Although convenient, especially when on vacation, we need to be wary of the risks of public access points. This means free WiFis, public computers in your lobby, and even public USB charging ports.
- Free WiFi points can often be insecure or even fake to inject your devices with spyware or ransomware. If you need to use public WiFi, make sure that it is offered by a reputable services such as cafés or your hotel. It is always a good rule to use a VPN when utilizing public WiFi.
- Public computers in lobbies and internet cafés are generally not safe for any sensitive use. They are often not well maintained and could be infected with spyware or keyloggers that can record the passwords to your accounts.
- Although convenient, public USB charging ports that are available in hotels, airports, and cafés pose a risk. They have been reported to extract data or inject malware into phones and tablets. Make sure to charge your devices with proper chargers, not through charging stations, because the convenience is not worth the risk!
It’s not enough to be wary of phishing emails when at work! The nature of vacations and travelling means that one is often juggling several bookings at the same time. Phishing emails stating that your booking has been changed, upgraded or cancelled are examples of vacation phishing emails. Those emails typically require the receiver to click a link that will redirect you to a webpage that might inject your computer with malware or ask you to log into your email account to acquire your password. Check our short video on how to recognize phishing emails to learn more.
Phishing may be the first step for hackers to gain access to important systems, such as your company’s information systems. There are several steps you can do to guard yourself against phishing attacks:
- Be wary of emails that require an immediate response or initiate a sense of urgency to click a link to gain more information or ask for your passwords to prevent your booking to be cancelled.
- Check whether the email comes from the services that you booked, but not from someone like firstname.lastname@example.org or email@example.com.
- Check whether the links you’re asked to click on are actually redirecting to the official booking website by hovering over them.
- Never use office email accounts to organize your travels and make sure that you have strong password practices and utilize different passwords for different accounts.
Knowledge is power
Sharing is caring but also a vacation risk. Share your vacation news and photos after your travels! It’s not because it will make your colleagues or friends jealous of you having a fantastic time. But rather that by sharing the fact that you’re travelling you are making both your home and workplace a target.
Burglars have increasingly been utilizing social media to figure out their next target. Sharing too much on social media can make your home vulnerable because burglars know when you’re not at home.
Never assume that your account is completely secure. If a hacker has already gotten a foothold to your email or is somehow lurking in your company’s systems, they might use the knowledge that you – or someone else is travelling, to strike. For example they could request an urgent transfer of money because of an overdue invoice. Or ask your colleagues to send you money, in your name, because you got robbed.
Out of Office replies
It is a good habit to have an out-of-office autoreply. This tells customers and colleagues that you won’t be responding. However, there are Out of Office risks to think about. Always redirect your clients and colleagues to someone else in case of urgency. A simple “I am out of office until 30th of July and will not be reading nor responding to any emails until then. In case of urgency, please contact Johnathan Post, at Jonathan.firstname.lastname@example.org” can minimize the risk. That way customers and colleagues are informed. If they start getting replies or strange emails from your account, they will be wary. It also means that you’ve committed to not check your email until after your vacation. A win-win situation for everyone, right?
Enjoy your vacation safely!
With some simple precautions, you can minimize the Out of Office risks and enjoy a cybersecure vacation without worries! Good security habits around passwords, knowledge about phishing attacks and “find my device” services will create peace of mind. Likewise, make sure to back up both your work files and personal files regularly, especially before you go on vacation or travel for work.
Safe travels and have fun!