Small business owners and operators have a great stake in their businesses, so even when it's out of sight, chances are your company isn't out of mind. Cybersecurity threats don't take a vacation either – and when you're on the road, you may forfeit some of the protections your business has in place.
A cyberattack is the last thing you want to deal with while you're trying to take some time off, so it's important to take a few additional precautions. Whether you're working from the beach or going unplugged, here are three ways to keep yourself and your company secure while you're traveling.
1. Skip the auto-reply.
For many employees, turning on automatic replies from your email is a standard step before you lock your door and hit the road. But an automatic reply is just that – automatic – and you can't control who it's sent to or what is done with the information. Automatic replies often contain information that could be valuable fodder for a phishing or other social engineering attack.
Consider this example:
"I am out of the country on vacation July 1-5. Please contact Jane Doe at firstname.lastname@example.org with all finance requests. If this is urgent, you can reach my cell phone at 555-555-8745."
Not only does the recipient know you work in finance and you're out of the country, but they also know how long you'll be gone, your alternate contact number, and who else on your team they can contact. It would be easy for a fraudster to email Jane posing as a vendor requesting a rush payment, citing details from your auto-reply to make their attack convincing.
If possible, consider setting a policy against using auto-reply in your business. Here's how to handle vacation communication instead:
- Reach out to contacts you frequently speak with preemptively to let them know you'll be away.
- Ask a manager or other co-worker to monitor your inbox and voicemail to check for messages requiring immediate attention.
- If the nature of your business or position requires an auto-reply, consider a short, vague message such as "I am currently unavailable." The less information provided, the better.
2. Avoid public Wi-Fi.
You've probably got a lot on your plate at work, so it can be tough to totally unplug while away. Plus, occasional uptime while traveling can be a great opportunity to get some work done so you can get back to relaxing. But productivity often means connecting to the internet, so when you're out of range of your office router, you might be searching for an alternate connection – one that's probably not too hard to find at airports, hotels and restaurants.
Keep in mind that convenience comes at a cost. Public Wi-Fi puts you and your data at serious risk. Anyone in the area can connect to public Wi-Fi, and simply by sharing the network with you, a cyberattacker can gain access to your device and monitor and/or record the information transmitted. This can include passwords, emails, credit card information, website activity and more. Attackers can even set up their own fake network that mimics the name and password of the public Wi-Fi.
Even in reputable establishments or those that password-protect their public network, public Wi-Fi is dangerous. If you're working from the road or accessing company data (including email) while traveling, it's best to avoid it altogether.
Don't worry – you can still get some work done. There are a couple of simple alternatives to public Wi-Fi:
- Use a personal hotspot, either the one built into your smartphone or a standalone device.
- Connect through a virtual private network (VPN) to protect your information.
If you must jump on the public Wi-Fi, make it quick, only navigate to secure websites using https, and refrain from logging in as much as possible – especially to portals containing sensitive information like your bank, business accounting system or company CRM.
3. Stay cyber-aware.
It goes without saying that it's safest to be mindful while traveling, so keep your business data in mind too. Anytime you're out of the office, the data you carry with you on your devices faces risks. Protect your data by being aware of your surroundings and thinking twice about what you're accessing on the go.
Here are a few more tips for cyber-safety while traveling:
- Travel light with your data. Don't bring more sensitive data than you need when traveling, and be sure what you do bring is encrypted. Keep your laptop and any other devices with sensitive data in your carry-on luggage rather than a checked bag, and keep a careful eye on it throughout your travels.
- Avoid shoulder surfers. Remember to think about your seating position and any wandering eyes when you're on an airplane, out in public and even on the beach. Try to sit against a wall or in a private space when working, and darken your computer screen or add a shield to reduce visibility. Additionally, be sure to cover the keypad when entering your password or PIN on your phone or even at an ATM.
- Relax and recharge – but not at charging stations. Avoid plugging your phone and computer into charging stations in airports or other public spaces, as these can be easily tampered with to steal information or install malware. Bring your own cables and power banks so your devices can safely recharge while you're on vacation.
- Wait to post an update about your trip. Avoid posting photos and information about your vacation to social media until after your return. Like auto-replies, a vacation post can alert scammers that you're away and give them context and content for a potentially convincing attack.
Now kick back and relax knowing you're en route to a safe and cybersecure vacation!