Holidays and vacations are a happy and exciting time. These are times when we let our guard down, relax, and give ourselves some well-deserved time out of the office. Unfortunately, threat actors never take the day off. Attackers are always on the lookout for ways to infiltrate networks to steal credentials, sensitive data and intellectual property.
To avoid falling prey to their techniques we need to always perform our due diligence, even when we’re on vacation or taking time off.
Vacation and time away cybersecurity risks
If you’re planning to take some time away from the office, here are some cybersecurity risks you need to be aware of.
Out of office replies-
On the surface, setting an out-of-office auto-reply might seem like a courteous and responsible thing to do. However, sometimes it can play right into the hands of cybercriminals and threat actors. That’s because any messages announcing your out-of-office absence might also reveal sensitive personal information about you to anyone who contacts you while you’re away.
For instance, if you live and work in New York, and your out-of-office message mentions that you will be out of town in Miami for two weeks, an attacker knows you’re probably not watching your systems and accounts closely. This can be leveraged into a phishing attack, or an opportunity to compromise an account. The same applies if you spell out the dates when you’ll be absent; you’re telling attackers how long they have to work with little to no opposition from you.
Mobile devices-
Mobile devices such as your phone, tablets, and laptops can often be a treasure trove of confidential information. Their value and portability make them popular, easy targets for thieves, placing that information at risk. Their typically small size also makes them easy to leave behind accidentally, again potentially putting confidential information at risk of falling into the wrong hands.
Social media-
Sharing your vacation escapades on social media may be fun, however, not everyone who’s online is a friend. Pictures, videos and details of your adventures may reveal sensitive information that can be used to an attacker’s advantage, whether it’s in an impersonation attack, or by using this time to gain access to physical or digital assets.
Wi-Fi connections-
Insecure Wi-Fi connections are ideal for attackers, as it is easy for them to capture any unencrypted data with almost no effort on their part, and with no indication to the user that this has occurred.
Cybersecurity precautions to take while on vacation
Out of office replies-
- Don’t let people know you’re on vacation or at a certain location away from the office. Instead, just say you’re ‘unavailable’. This is a broad term that could mean you’re either in the office and don’t want to be disturbed or you’re simply not around.
- Have two different auto-reply messages; one for your coworkers, and one for clients and individuals outside of your organization. In both cases your automatic replies should only divulge the most essential information.
Mobile devices-
- Only carry mobile devices you absolutely need to minimize the risk of losing them or having them stolen. Ideally, company mobile devices should be left secured at the office, or at home.
- Implement location tracking for your devices, with the capability to wipe them remotely should they be stolen.
- Never save unencrypted passwords on your mobile devices. Instead use a password management solution to safeguard your passwords in an encrypted vault.
Social Media-
- Only provide the information needed to represent yourself before your network, current, and prospective clients.
- Never use publicly available knowledge, such as the name of an academic institution you attended, as the answer to a security question.
- Don’t post pictures of your passports, driver’s license, ID, or boarding passes online.
- If you must post your vacation pictures, wait until you get home.
Public Wi-Fi connections-
- When using public Wi-Fi, always use a Virtual Private Network whenever connecting to company resources to provide an extra layer of protection.
- Only visit websites secured with SSL (HTTPS). An HTTPS URL begins with https:// instead of http://. Modern web browsers also indicate that a user is visiting a secure HTTPS website by displaying a closed padlock symbol to the left of the URL. The extra “S” stands for ‘secure’ which means the data is encrypted. This makes it harder for an attacker to view the transmitted data.
How to help your co-workers in your absence
- Make sure at least one co-worker has adequate documentation and access to any system needed to perform your job functions in your absence.
- If your team encounters some minor issues ask them to document them for you to deal with as soon as you return.
- If you must send emails only do so to accounts that are on your contact list. Do not respond to suspicious email requests or click on any links you’re not absolutely sure are verified and safe.
- Finally, if you’re gone, be gone. The office and work will be there when you get back.
When it comes to work there will always be an issue that needs addressing, even while you’re away. Resist the urge to keep looking at your email or calling to know how a project is progressing. Remember the reason why you’re on vacation in the first place. You’re supposed to rest and recharge so you can get back to work with a clear head.
If you’re a manager, strive to enforce this policy with your team to help them live more balanced lives. Once staff members understand the team won’t implode without them, they are more likely to rest easy and enjoy their time away from the office.
Want to learn how to improve cybersecurity for your business and workers on and off vacation? Get in touch with our expert team today to see how we can help.
