Employees are at the top of the security chain in a company, but at the same time they are also the biggest risk factor when it comes to cyber security. Few people are aware that the threat of cybercrime is also omnipresent outside working hours or when working on the move.
In today’s connected world, it is no longer necessary to be in the same place or on the same network to communicate or work with each other. However, this makes it difficult to control the secure use of all work devices. Fraudsters know this and profit from the absence of others. But what are the gaps and what measures need to be taken to improve employee awareness so they are more effectively protected from cyber threats outside the workplace?
What security gaps arise when away from the workplace?
Whether booking a business trip or sending an email to employees during the vacation season, criminals use the simplest tricks to gain access to sensitive company data, even when no one is in the office.
An attack can occur before a trip is even booked or planned. Fraudsters usually already anticipate a vacation and send phishing e-mails with non-legitimate vacation offers for hotels or flights to the employee’s e-mail account.
The usual e-mail sent before a vacation to inform colleagues about one’s absence can also cause great damage. It provides attackers with information about when an employee is not in the office. Cybercriminals use this for identity theft and impersonate the person who is away. This usually involves sending emails from the supposed CEO of the company with requests for payment to a specific account.
When you finally make it to your well-deserved vacation, caution is highly advised, especially when using public wifi networks and computers. Fraudsters could use special software or inadequately secured applications to place themselves between the victim and the device used in order to read or manipulate communications. In this way, they gain access to the company’s IT and sensitive data. Such incidents are referred to as a man-in-the-middle attack or shadow IT. More information on the latter can be found here. So what to do to enjoy a stress-free secure vacation?
Packing my suitcase and taking with me…5 tips on cybersecure behavior off the clock
- Beware of phishing emails with travel discounts from unusual addressees or websites Better ignore them, definitely don’t open the links.
- Out-of-office emails, prefer to avoid and also do not post the absence on social media channels, only internally if possible.
- Leave devices with sensitive company data at work or at home instead of taking them on vacation.
- Beware of open wifi networks! Turn off the function to automatically connect to open wifi networks. Rather use mobile data and surf with your laptop via mobile hotspot or virtual private network (VPN).
- Identity is the key to success! Question payment requests from colleagues or business executives when they are traveling to prevent CEO fraud.