Why you could be at risk for cyberattacks during business travels
REMOTE working is on the increase. However, research has found that employees could unwittingly expose themselves and their companies to cyber threats when they work away from the office on business trips or vacation.
The survey, conducted by Censuswide on behalf of T Systems, revealed poor cybersecurity was rife. Of the 2,050 full-time workers interviewed, 35 percent had accessed free WiFi hotspots from either a personal or office device for work-related activities such as checking email. Equally worrying, 28 percent had never received security training from any employer.
The results are startling especially when considered against incidents like DarkHotel, a campaign which saw hackers infiltrate WiFi networks at luxury hotels in Asia. Guests were tricked into downloading anti-virus evading malware disguised as a benign software update.
To avoid detection, it lay dormant on their computers for six months, before waking to allow hackers to steal data and documents.
Such attacks highlight the ease with which remote workers and business travelers can fall victim to cybercriminals.
Speaking to Travel Wire Asia, Hiep Dang, director of product management at cybersecurity company, Cylance explained why this makes them so desirable:
“Travelers can be easy targets for hackers because when traveling, people could be fatigued, stressed, rushing, and/ or jet-lagged.
“Those factors make travelers more vulnerable because they may make poor security decisions that under normal conditions, they would not make.”
The threats travelers face are something Cylance’s Sophisticated Penetration, Exploitation, Analysis, and Response team (SPEAR), know well.
In 2015, they identified a weakness in ANTLabs InnGate devices – an Internet gateway often used by hotels, conference centers, and other venues to provide guests with WiFi access – which had the potential to allow for a DarkHotel type attack, with unlimited possibilities for manipulation.
So, given the dangers, what can business travelers and remote workers do to protect themselves?
Reduce WiFi security risks
— Cylance Inc. (@cylanceinc) October 26, 2017
With ready access to the internet in public places like coffee shops, hotels, and airports, it is now possible to perform a myriad of tasks from just about anywhere. But that does not mean it is always safe to do so.
“Do not access open WiFi access points. Hackers could create fake WiFi hotspots that appear to be legitimate by naming their access point after common internet service providers or using the word ‘free’ in the name so people will try to connect,” Dang warned.
Cyber-thieves can use this technique to distribute malware or intercept the information sent from devices that log in to the network.
For this reason, Dang recommends that everyone should check before they connect. At the airport for instance “always ask airport personnel what are the names of the WiFi access points that are offered at that specific airport.”
But safe WiFi use is not the only thing to consider.
Protect mobile devices
As malware attacks become ever more sophisticated, anti-virus software is a must to defend devices like laptops, smartphones, and tablets from viruses, Trojans, worms, and other malicious applications. But not all are created equal.
“Signature-based anti-virus solutions often write signatures for prevalent malware that affects the whole world or only the country that the anti-virus vendor is based,” Dang explained. Consequently, “they have a harder time detecting malware that specifically targets a region or country if they do not have malware researchers based in that country.”
To ensure effective protection, “travelers should use next-generation anti-virus solutions like Cylance, which does not rely on signatures, but uses artificial intelligence to identify malware predicatively, no matter what country the malware may target,” said Dang.
Beyond what workers can do, employers too, should ensure cybersecurity best practice is maintained in and out of the office. “Training is very important,” said Dang. But additional measures could also be taken.
“Consider offering employees a ‘loaner’ phone that is already configured for the best security and does not have important information that could be lost,” Dang advised. “Company issued phones and laptops should have a ‘remote wipe’ capability in case the employee has a device lost or stolen.”
Although cybercrime shows little sign of abating, good security practices like these go a long way to help combat it, making remote working safer and lowering the risk of compromise to companies.