During the summer months, many Americans leave their homes and offices for some much-needed R&R. In fact, a new study from The Vacationer shows that 81 percent of adults are planning to take a trip of some sort this summer, despite high gas prices. This means that millions are hitting the road for vacation and hackers know it.
“People need vacations, there’s no doubt about it, but don’t let your desire to hit the links or the beach cause you to let down your guard,” warns Peter Church, a cybersecurity expert based in Milwaukee who has worked in the travel industry. “Vacations are so disruptive to routines that hackers wait to exploit them.”
Church offers advice for MSPs to follow during the summer months when people’s minds are often focused more on sunscreen and less on the computer screen.
Be careful about what you post on social media
While MSPs can’t control what people post on social media, they can advise on what should not be posted. If someone is counting down the days on Facebook until their trip to Aruba, that could provide fodder for a hacker to craft a persuasive phishing email for someone to open. The FTC reports that social media scams made up 25 percent of online fraud activity in 2021.
“People let down their guard around vacations. If you see an email that looks like it is from the resort you’ve booked a reservation at, of course, you’ll open it, and that is all it takes to cause problems,” Church says, advising people not to post their vacation plans on social media.
“Wait until after the vacation to post those beach photos,” he continues.
Prepare a pre-vacation checklist
MSPs should work with human resources and identify company employees who have upcoming vacations. There should be a “cybersecurity checklist” before someone checks out for a week or two. Such items on the checklist can range from making sure they are logged out to backing up electronic files. Confirming antivirus software is up to date should also be on any pre-trip checklists.
“People are preoccupied and in a hurry before their summer vacation, involving the MSP in securing a workstation is a common-sense step to avoid any cybersecurity hiccups,” Church advises.
But the problems don’t just happen at the office; sometimes, the most significant issues occur after an employee has clocked out for their summer vacation.
Avoid airport Wi-Fi hotspots
Working vacations have become increasingly common. The boss often checks their email and messages from the comfort of a cabana. “This is cybersecurity 101, but people get complacent, and using the public Wi-Fi while on vacation is a bad idea,” Church says. “Use it only if you have to, but I’d much rather see someone with their own password-protected personal hot spot.”
Don’t overshare
Part of securing a workstation should be advising employees not to overshare with regards to their vacation plans in electronic communications. “The out-of-office auto-reply is handy, but it also can provide hints to hackers on the employee’s whereabouts. A best practice is not to send the replies to people outside the organization; don’t put too much information in the reply,” Church recommends.
Leave work devices at home
People often let down their guard on vacation, and that includes safeguarding their actual physical devices, warns Church. “You’d be surprised how often device theft happens when people are on the road. My advice is that if you are truly going on vacation, leave the laptop at home,” he says.
Church recalls, “I was once dealing with a CEO of a medium-sized company, and he took his laptop full of sensitive client data to the beach and left his computer on a table for five minutes while he went to get a tropical drink, and when he came back it was gone. The resort’s cameras didn’t pick up the theft because a beach umbrella blocked the camera’s view of the table.”
He adds, “It was a bad idea for him to take it in the first place and even worse to leave it unattended. His vacation turned into a nightmare as he had to contact some top clients to let them know their information had been compromised.”
Establish temporary travel accounts
Company employees should be encouraged to use temporary throw-away travel accounts while away. That way, if the account becomes compromised, it is walled off from the rest of a person’s personal information.
“Temporary travel accounts are easy to set up and a great extra layer of security,” Church advises.
Use privacy screens
Companies can encourage employees to purchase privacy screens on computers and phones to keep shoulder surfers at bay. “You’d be surprised how often a pair of prying eyes can make off with a password or other key piece of sensitive data. Thirty years ago, the biggest threat in a busy place was a pickpocket. Now, it’s an overactive eye socket. Some hackers prowl airports and bus stations just to steal passwords,” Church warns.
Cybersecurity training is another powerful tool that MSPs should employ.
“The cheapest fix is always prevention, so make people aware of their responsibilities to maintain proper protocols when it comes to cybersecurity as their vacations approach,” he says.
Photo: icemanphotos / Shutterstock
Great tips for preparing for when staff travels.
The notion of bringing your work device with you boggles my mind. People need to learn that a company will sort things out when you are away, and it’s a better company that will allow you to have time off to decompress without you checking in on things
Some good tips, although it can be difficult to convince customers who have ‘always done it this way’, especially on things like external out of office messages.
One tip that I like is to not have your laptop obviously branded with your company details, either with stickers, asset tags or logon wallpaper. This makes it easier for a shoulder surfer to see just whose details they’re acquiring.
Great advice!
And if you are in an IT-specific role, probably good practice to only turn on ‘out of office’ for internal auto reply.
Great safety tips!
These are all great tips. I also strongly recommend using a VPN service that has a mobile app and using it on any devices used for financial transactions or other sensitive information
I’ve always heard things like:
“Don’t post where you’re going ahead of time”
“Don’t post while you’re away”
Not just for the security reasons of your devices, but for your own personal security and safety.
Great article and advice.
Great vacation tips!
Good points. Vacations are distracting and require constant orientation to foreign surroundings. It’s a time for concentration and keeping our wits about us.
We will be working with our clients to implement some of these best practices!