Employees are at the forefront of a company’s security chain, but at the same time, they are also the biggest risk factor when it comes to cybersecurity. Very few people know that the danger of cybercrime is omnipresent outside of working hours or when working remotely.

In today’s connected world, it is no longer necessary to be in the same place or network to communicate or work with each other. However, this makes it difficult to control the safe use of all work equipment. Scammers know this and profit from the absence of others. But what are the gaps and what measures need to be taken to improve employee awareness and thus be more effectively protected from cyber threats outside the workplace?

What security gaps arise when you are not at work?

Whether it’s booking a business trip or sending an email to employees during vacation time, criminals can use the simplest tricks to gain access to sensitive company data, even when no one is in the office.

An attack can occur before a trip is even booked or planned. Fraudsters usually expect a vacation and send phishing emails with non-legitimate vacation offers to hotels or flights to the employee’s email account.

The usual e-mail before the start of the holiday to inform colleagues about your own absence can also lead to great damage. It tells attackers when an employee is out of the office. Cybercriminals use this for identity theft and pretend to be the person on the trip. In most cases, e-mails are sent from the supposed managing director of the company with payment requests to a specific account.

When you have finally made it to your well-deserved vacation, caution is advised, especially with public Wi-Fi networks and computers. Fraudsters could place themselves between the victim and the device used by means of special software or insufficiently secured applications in order to read or manipulate the communication. This gives them access to the company’s IT and sensitive data. Such incidents are referred to as a man-in-the-middle attack or shadow IT. More information on the latter can be found here. So what to do to enjoy a stress-free safe holiday?

I pack my suitcase and take with me… 5 tips for cyber-safe behavior outside of working hours

1. Beware of phishing e-mails with travel discounts from unusual addressees or websites, and under no circumstances open the links.
2. It is better to avoid out-of-office mails and not to publish your absence on social media channels, but only internally if possible.
3. It’s better to leave devices with sensitive company data at work or home instead of taking them with you on vacation.
4. Beware of open Wi-Fi networks! Turn off the function to automatically connect to open Wi-Fi networks. Prefer to use mobile data and surf with your laptop via mobile phone hotspot or via a virtual private network (VPN).
5. Identity is the key to success! Question payment requests from colleagues or managing directors when they are traveling to prevent CEO fraud .