When employees take company devices or check company networks while traveling, it may open up your company to cyberthreats.
Most of us have been guilty of checking work email while on vacation, whether from the airport, the beach or a cafe. While the intentions are positive – scanning for urgent emails, keeping inboxes under control, etc. – employees may in fact be putting the network at risk, and IT teams need to be prepared.
When employees access accounts and information while on vacation, they're often operating on a personal, unpatched and vulnerable device. On the flip side, if employees decide to bring their corporate-issued devices on vacation with them, local files are at risk in addition to information on the corporate network. If an employee is charging their company smartphone or laptop while waiting at the airport, this offers hackers an opportunity to gain access to files, emails and even passwords. Furthermore, responding to an attack can be more complex when it occurs in a foreign country due to time-zone differences, language barriers, lack of in-person support and other factors.
Risky Wi-Fi connections
Personal devices on a public Wi-Fi connection are a hacker's dream. Devices like laptops, tablets and smartphones are not likely to be equipped with the same security measures as your company-issued devices, offering an easier route for hackers to access files, accounts, data and more. The risk is heightened by free and unsecure Wi-Fi networks, which creates the possibility for hackers to clone accounts, and therefore gain access to sensitive company data.
Passive attacks on neglected devices
Your IT staff should remind employees to unplug before a trip and stay unplugged, no matter the work emergency at hand. But when employees travel for extended periods, this tactic can be a double-edged sword. While employees who fully disconnect from their devices on vacation may seem like less of a threat than their colleagues logging on from anywhere and everywhere, these "neglected" devices may also put the network at risk. When a device sits unused for a longer period, the device is not automatically updating for missing patches.
This leaves the device vulnerable to a passive attack, where hackers take advantage of the out-of-date OS and security measures. In this case, hackers are on the lookout for missing patches and open ports, and use such vulnerabilities to gain access to information on the system. Once the device is finally opened and back in use, the hacker is ready to rumble with a phishing email. Sure, this scenario may seem less likely than the other potential attacks summer travel presents, but it should not be ignored.
Securing every device before summer travel
Given the increased vulnerabilities that devices are susceptible to during travel, your IT teams must do the upfront work to keep these devices secure. This includes making sure all endpoints are patched with the latest OS and antivirus updates, equipped with unique and complex passwords, and encrypted.
Furthermore, IT teams must implement monitoring as well as onboarding and offboarding security policies to gain control of the entire enterprise network. If an employee's device falls victim to a hack while they're out working on their tan without any idea of what is happening to their device, this type of network control will deny the hacker access.
While summer vacations offer employees a chance to unwind, they have the opposite effect on IT staff. Whether these are the employees who stay logged on while traveling the globe or are totally unplugged for extended periods, on-the-go devices bring a slew of potential security vulnerabilities. IT teams are responsible for implementing preventative measures such as automated updates and patches and implementing security maintenance protocols that include constant device monitoring and control, especially in the event that a hack does occur. Don't let your summer vacation land you on IT's bad side!