Accept one aspect, ‘there is no such thing as 100% secure, no matter wherever you go’
However, there are things you could do to alleviate the situation, commonly known as ‘best practice’. Use the ‘KISS’ principle: whether on business or holiday, apply good ‘risk’ management to stay secure online when traveling.
Always ask yourself, ‘Do I need this?’, and reduce the ‘Risks’! Implement those ‘best practices’, use common sense and save yourself and potentially your company heartache.
Unlike you, the criminal doesn’t sleep, be it in the ‘here and now’ or in the cyber world. The threat is persistent and will strike when your guard is down, so ‘you must be vigilant’. Security is ‘24x7x365’ … the criminal doesn’t take ‘time off’! Be aware of malware, ransomware, APTs, keyloggers and the myriad of threats that you face.
Remember ‘6 P’ = Prior Preparation Prevents Pretty Poor Performance
Don’t mix business with pleasure. The point of taking a holiday is to get away from work, so discipline yourself to leave the laptop at home: chill out, and reduce your ‘risks’! Your mobile phone is different; no matter where you go on holiday, it’ll always be a ‘valuable and attractive’ item to a potential thief, whether home or abroad.
When at the beach (for example), secure it in your car or always ensure you have it secured with you and not left visible for the potential thief. Mobiles are big bucks! So the ‘threat’ is increased, and at all times the cyber criminal is busy, unless we take ‘ownership’ for our connected lives. These are all indications to a thief of potential weak links to be exploited, do a practice run and refine what you expect to do and what you expect to protect.
Be aware of the dangerous connected world we now live in through the advent of ‘smart devices’. These switch our heating on, heat our water, can be configured to start cooking meals, check on house alarms or set lighting to come on at pre-determined times.
Technology extends to wearable devices and, more critically, to devices used for health reasons; as we evolve, our dependency increases, and so do the threat and the risk. What’s your mitigation like? Or, how is your risk acceptance?
Off to work …..
Keeping the bare minimum of data on a laptop is a best practice, so there is less to be compromised; even better, use an encrypted laptop. Keep all your data on an encrypted removable hard drive, or use your company Intranet or maybe the Cloud.
It’s your risk, but the key aspect here is maintaining your integrity and that of others; when your work is completed, do a back up routine. Effectively you’re keeping a clean laptop when working privately or for business purposes. Cyber criminals don’t like this!
The amount of people I’ve seen when I’m out on business using mobiles in a brash manner, like I’m interested in their business, but a thief homes in on their device. I’ve even known people on a train who get so annoyed with mobile owners that, when the owner has left the mobile on the table whilst they have gone to the toilet, they throw the mobile out of the nearest window. So have consideration for others around you. It’s being professional and polite, as the only threat is themselves.
When out on business, don’t be tempted to do your social media updates; this isn’t work, and you’re advertising to the world that you’re not at home. It makes good intelligence for the cyber criminal fraternity, albeit the wrong intelligence for you.
Self ‘Discipline’ is a key factor, it pays dividends in many quarters. Although you may be focused on a piece of work on your laptop, don’t be tempted to ‘nip’ to the cafe for a refill, the thief is ‘opportunistic’, just like you are when trying to clinch a new business area.
Whenever possible keep all your tools with you; the laptop could go in hand luggage if flying. Equally, ensure you switch off tracking on phones; you don’t want to draw attention to yourself. For the sake of not losing your laptop or mobile it’s worth it, and you’re ensuring the integrity of the company’s sensitive data. If the data is important to you and your company, take the laptop to your evening meal; it’s better than losing both!
A visionary company should be using encrypted laptops, and an intranet protected by IDP/IPS with firewalls in place. However, when on the road you have to become ‘tactical’, ensuring all data is suitably protected.
You have to become a disciplined agent in how you take responsibility for your equipment and how you conduct business. Don’t be tempted to use open WiFi, Internet cafes or free mediums whilst you’re on the road.
All of these will be preying grounds of the cyber criminals, so don’t underestimate how they operate and the array of tools they have in their armory. They’re technically aware, and very clever people who will have sophisticated nets in place ready to capture your data, they don’t care about you, it’s the data they want.
Get yourself more ‘disciplined’ and clean out your wallet or purse. The number of people I see with bulging wallets or purses, and it’s not money, it’s cards, till receipts etc., is ludicrous.
Do you really need that number of cards, or is it done just to look good (or so you think)? These are good signs to a potential thief! Make yourself a crib list of important data and keep it secure.
Also, try using a VPN (and a quality one like HideMyAss) to encrypt and make your web activities anonymous online. Plan your journey, remember the ‘6P’s’ and be ‘disciplined’ whilst on the road, it’s better than losing your job!
Be disciplined about ‘legislation’; it could save you or it could hang you. Equally, this applies to how you work: what may be acceptable in one country could be offensive in another, be it a screensaver or e-book.
Become conversant with Data Protection principles and Safe Harbour rules. If you do business with the US, HIPAA rules are important and a violation could cost up to $25K, with a maximum up to $1.5 million!
Once more this is relevant to the ‘6P’ principle. We may be comfortable in this country about how we commute, but it’s very important when foreign travel is concerned. If unsure, contact the Foreign and Commonwealth Office (FCO), or your appropriate equivalent, for advice. OK, you’re not expected to be a lawyer or solicitor, but to show due diligence is important.
Think about, and consider:
| Encrypted laptops | Encrypted memory sticks | Always use secure WiFi |
| Physical security | Be security conscientious | Don’t trust public ‘hot spots’ |
| Use of disposable IT equipment | Do speak quietly on mobiles | If it’s not secure, don’t use it |
| Don’t use shared or public networks | Is your home network secured | Use VPN to connect with work |
| Think before you act | Is your BYOD secure | Use encrypted RHDs |
| Use a head set for your mobile | Conceal mobiles when not in use | Don’t leave devices unattended |
| Turn off WiFi on mobiles | Turn off tracking on all devices | Disconnect Bluetooth on the road |
| Enable data erasure on your devices | Don’t connect unknown USBs | Don’t use unknown media |
| Ensure all updates are done | Enable your firewall | Patches up to date |
| Resist connecting to hotel rooms | Are you prepared, data included | Know your rights |
So think before you act, and ask yourself another question: is this necessary?
Think ‘security’ at all times (alas it’s the world we live in!)
Top/Featured Image: By Mark Rain / Flickr