It’s a frightening fact that in this day and age, data is big business and keeping your data safe is becoming increasingly harder. Stolen data in particular cost the global economy an estimated $445 billion last year (that’s around £312 billion) and countless hours of labour trying to recover or shut down hacked systems. It was only in October last year, the UK’s Office for National Statistics included cybercrime for the first time in history; resulting in a 107% increase in figures compared to 2014 when such crimes were not included.
Cybercrime is fast becoming a defining feature of the technological landscape we’re living in, with ‘data’ often being referred to as ‘the oil’ of the digital movement. We’ve all heard of ‘phishing’ scams, fraud and identity theft, malware and hacking; you may have even been subjected to them yourself. But what happens when these security breaches don’t just affect one individual, but a whole organisation? What happens when valuable data is stolen that holds confidential client information or financial data?
With increasing sophistication, hackers are able to access, corrupt and download files from a system within minutes, exposing sensitive data and using it to sell or advance ahead. What’s truly frightening is that so many organisations are unprepared for this new wave of crime. That’s why, as a business traveller, it’s critical to be prepared and vigilant at all times whilst you’re on the move. It’s easy to become forgetful or clumsy when you’re fatigued, or when you have multiple bags to carry on numerous legs of a journey. But in reality, there’s never a better time to be hyper-aware when you’re in unfamiliar surroundings and using unfamiliar networks to connect your work devices to.
Here’re our top 5 tips on how best to secure your sensitive information whilst you’re in transit:
1. Be Vigilant
Okay, that one is probably the most obvious one of all. But with the continued growth of a mobile workforce travelling all over the globe equipped with work laptops, phones and tablets, the risk of a security breach increases dramatically with it.
One misplaced laptop at the airport or in the back of a taxi exposes a plethora of new potential risks, not only to you as the individual, but to your company and clients’ data integrity. The immediate danger is that your lost laptop could potentially be used to access confidential information ranging from identity theft to corruption of your corporate network. It all sounds very dramatic but it happens every day all over the world, with the UK alone receiving an estimated 120,000 cyber-attacks per day.
Passwords and usernames in the wrong hands could easily transpire into corporate espionage, or even a function as harmless as an email address book embedded within your Outlook correspondence could lead to a targeted spyware attack on anyone and everyone you’ve ever emailed.
The ripple effects of not keeping an eye on your belongings whilst travelling are stretching further than ever before and in a much shorter space of time, so there’s never been a better time to keep your bags under lock and key and permanently attached to you whilst in transit, including airport security and customs.
2. Be aware of the dangers of public hotspots
Following on from theft/loss of belongings, we’re entering an era where hardware needn’t even leave your side for its data to be compromised. As we visit a number of offices, internet cafes, coffee shops, business centres, airports, hotels and public areas, our first priority is often to ask if the host has Wi-Fi connectivity. It’s not unheard of for public PCs to be infected with malware, so be cautious using public systems for any activity that may in some way compromise you or someone you know.
Hotel Wi-Fi, once a novelty, is now a necessity for frequent travellers to maintain a sense of normalcy in their personal lives and stay connected with their colleagues back in the office. However, researchers have recently discovered vulnerability in many hotel routers that would easily allow a hacker to distribute malware to guests and monitor and record all device activity over the hotel Wi-Fi. This particular discovery was simply a tiny loophole in the access process that left the entire chain of hotels using the server unprotected and vulnerable to cyber-attack.
An even scarier tale was that of a high-ranking Hamas official in a Dubai hotel in 2011, who was the targeted victim of cybercrime – the hacker remotely reprogrammed the hotel’s electronic door lock/key system, upon which he accessed to the guest’s room and assassinated him.
The first thing we’d recommend is to make sure you’re connecting to the right Wi-Fi server. It’s not particularly difficult for any digital novice to set up a Wi-Fi hotspot in a public area and simply wait for you to click on it, before planting spyware or malware on your device; enabling them to view everything you’re doing/typing/browsing and, depending on your Firewall protection, access your entire hard drive. A great example of this is ‘Hotel Guest Wi-Fi’; an easy, obvious name that any unsuspecting guest may connect to. Always double check with reception which is the correct hotspot before connecting, never make financial transactions over public Wi-Fi and don’t connect to anything that isn’t password protected.
However, this leads us on to a slightly contradictory second recommendation; don’t assume that because a hotspot is password-protected, that it is secure, as sadly that’s not always the case. Entering a password is simply an authentication process and doesn’t necessarily mean that you’re entering a secure network. A hotel could still be linking their Wi-Fi to an unsecure, open network which would inevitably mean you’re at much greater risk. Many public hotspots now have a small lock symbol next to their connection name if they’re secure; or for unsecure, open networks, an orange shield with an exclamation mark.
3. Location means nothing
Cybercrimes are very hard to predict and prevent as there is no ‘global hotspot’ for targeted data theft. It is, broadly speaking, a universal crime whereby anyone armed with a computer and a hint of tech-savviness about them could become a cybercriminal. You’re just as at risk in the centre of London as you are in a hotel in Ghana; the fact of the matter is that hackers are opportunists and where there is IT equipment, there are hackers. The most you can do is make it difficult for anyone to come remotely close to stealing your data, as hackers tend to have a short attention span through fear of being caught. If you make it particularly tricky to access your system, chances are, they will give up and move (sadly) onto somebody else.
Having said that, countries with lax security, limited law enforcement resource, limited intellectual property laws, heightened terrorist activity and high theft rates may present a higher chance of hacking / retrieving personal data back than others, but that is not to say you’re less at risk in one place than another; so it’s best not to assume and remain vigilant where ever you are.
4. Beware that unknown hardware can be weaponised
Whilst it’s unlikely to happen to you, it’s not unheard of for hackers to distribute infected USBs that, once plugged into your computer, can install malware onto your system and give access to virtually anyone. A recent study by Independent Security Evaluators demonstrated just how easy it was to take down an entire network; eighteen USB sticks were taken into a hospital and dropped on multiple floors of the building, left in places where they were likely to be found by hospital staff. Within 24 hours, at least one of them had been plugged into a nurse’s computer and infected it with malware. Hackers were then able to access the hospital’s network and take over the function of medicine-dispensing. If they’d wanted, or had their motive been different, they could have caused hundreds of people to overdose or change their prescribed medication.
It’s wise not to accept any hardware if you don’t know its original source and definitely don’t use any USBs found in public places, such as hotels and airports.
5. Implement practical measures to protect your data
Whilst in an ideal world it would be best to allow no – or at least minimal – sensitive data on your device, we understand that it’s not always realistic, particularly if you’re a frequent traveller. What we do recommend however, is that you put practical measures in place to ensure that data that does need to be physically carried on your person, like a client presentation for example, is securely encrypted. SSL, VPN and RSA key fobs ensure that access is formally controlled and auditable; coupled with complex log in passwords and time-out functionality on inactive sessions, hackers will find it difficult to hack your system, regardless of your location.
For more information, please drop us an email at firstname.lastname@example.org or call us on 01895 450701 to chat to a member of the team.