The world of cyber security is constantly evolving. Yet with many IT security professionals focused on networks, desktops, laptops and other typical forms of business technology, one seems to slip through the minds of business owners on a regular basis: Mobile. Modern businesses have evolved to a point where employees are working while on the go more than ever before. Whether in an airport, at home, or at a client site, users are always connected. In fact, according to Gartner, more than 2.2 billion smartphones and tablets were sold to endusers in 2014. Cyber criminals have noticed this switch as well, and attacks on these devices have matured significantly as a result.
With all this in mind, it is more important than ever before that employees can maintain IT security while traveling. This weeks theme for national cyber security awareness month is “Staying Protected While Always Connected.” In that spirit, we are going to take some time to go through the security threats associated with mobile devices, and how you can make sure you stay secure while you are on the go.
IT Security While Traveling: The Issues
Mobile Apps that Mine Information
This may be a bigger threat than malware. According to mobile app risk management vendor Appthority, a majority of the most popular iOS and Android apps exhibit risky behavior when it comes to sharing personal information with third-party marketers, including accessing users’ contacts, calendars, locations, and more.
Mobile device theft or loss has become so common place that the statistics are hardly even shocking. In fact, one infographic from Kensington reported that one laptop is stolen every 53 seconds and 70 million smartphones are lost each year. All of this may seem like not that big of a deal. Well, consider the fact that 40% of Americans don’t password protect their smartphones. That poses a significant risk to companies who have sensitive information stored on these devices.
The Fake Hot Spot
Fake hot spot registration pages are a favorite tactic of hackers around the world. The idea is that you pull up to a café and try to connect, see the hot spot registration, are prompted to enter in personal information and credit card data, and before you know it your data is compromised. These can also be called the man-in-the-middle attack, and are surprisingly effective at getting the information they are after.
Free networks are notoriously insecure, and for many reasons. First of all, it is very easy for a criminal to trick you into going to a malicious site that downloads malware onto your system They can also track all of your movements while you are connected and get personal information such as passwords to restricted accounts, contact information, and other data that you would normally keep secure.
Just like on your desktop devices, phishing poses a serious risk to mobile users. In fact, mobile users are three times more likely to fall victim to phishing attacks by entering in their personal data when asked for it.
Data Leaks From Unsecured Wi-Fi Connections
Whenever a mobile device automatically connects to a public Wi-Fi, it can leave behind all kinds of sensitive information that could be of use to a cybercriminal who is lurking in the shadows.
IT Security While Traveling: Staying Secure
Before You Leave
- Update your operating system and apps
- Password protect all your devices
- Update anti-virus and anti-malware
- Encyrpt your devices
- Strip unneeded data from your device prior to travel, especially anything sensitive
- Make a complete backup of all your data, either online or in a separate external harddrive
- Turn off Wi-Fi autoconnect
- Configure devices to automatically be wiped after a certain number of failed password attempts
- Limit your apps permissions
- Enable location devices and install a “Find My Phone” app
- Ensure your browser is fully updated and secure (if in doubt, use Qualys’ BrowserCheck to be sure)
While You’re Away
- Disable Wi-Fi and bluetooth when not in use
- Limit what you do while connected to free Wi-Fi
- Avoid public kiosks
- Use different passwords than you usually use at home
- If traveling to a location with a higher-than-normal possibility of a theft (such as a tradeshow or convention), remove batteries when not in use
- Use VPN (good options include TunnelBear and CyberGhost)
- Turn off cookies and autofill
- Avoid public or shared computers
- Get and RFID-blocking sleeve for devices (such as PacSafe)
- Do not attach unknown devices, such as thumb drives, to your device
- Never accept software or OS updates while on hotel or public Wi-Fi (See FBI Advisory)
- Continue to monitor your personal information
For more information about how you can keep your company secure while on the road, contact our security team to learn about developing a security policy.