Many modern organizations operate in a distributed model, with branch locations and endpoints deployed outside of a physical office. The concept of the network perimeter has expanded dramatically in recent years. It has been pushed by two significant post-pandemic milestones: the implementation of remote work and the return to business travel.
But anything connecting to the corporate network is a potential vector for attackers, who can make their way into the network core by first compromising a branch office or an endpoint. At WatchGuard, we have 10 cybersecurity tips for business travel and remote employees you should follow to prevent hackers from gaining access to an organization’s “crown jewels”:
1. Avoid accessing your corporate email from public networks without the proper protection:
During your business trip, your hotel probably has a public Wi-Fi network. If you need to access your corporate email or company documents during your business trip, avoid using a public network. Try to at least use a Wi-Fi network with a password to offer some basic protection from the general public. Nowadays, with increased remote work, IT and security departments do not ban the use of public networks; however, they do impose requirements to use them. Whether you are joining a public or private Wi-Fi network that you or your company doesn’t control, you must have a suite of endpoint protections on your device, including anti-malware, host firewalling, and more. Then, always use a VPN to provide an extra layer of encryption to your connection, so others on this public network can’t intercept your email and more. Public Wi-Fi networks have become a reality for many traveling workers, but you need to make sure you employ protections on your computer when using them.
2. Download apps before you leave:
Malicious apps can access all the data on your phone, including your company's data, and suffer a cyberattack. If you want to download an application, only do it from known 1st-party sources and repositories. For instance, only get apps from the official Apple or Google stores on mobile devices. Or only download through the Microsoft or Apple app stores for computers. People need help with malicious apps when they download things from non-official sources. Also, don’t pirate. Besides being illegal in most countries, few things are truly free, and many pirated apps come with malware.
3. Turn off Bluetooth unless necessary
Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities. Bluetooth connectivity can present problems because signals come from all directions. When you leave Bluetooth turned on, people nearby can connect to your phone and possibly hack into your device. Keep Bluetooth disabled as much as possible to avoid possible attacks.
4. Don’t click on links from emails or websites
If you receive a suspicious email about an urgent password change, a payment to a supplier that can't wait, or anything else strange and suspicious, beware! Even if it comes from a known contact, it could be phishing. Verify the sender's address and, if in doubt, do not open or reply to the message. If you absolutely feel you must visit a site you learn about in an email, we recommend you manually enter the domain and find the content you want rather than clicking the link in the email.
5. Enable two-factor or multi-factor authentication (2FA/MFA) whenever you can:
Attackers have many ways to steal your passwords. Perhaps they acquired it by phishing you. Maybe they hacked a site you visit and got your password from there, and if you use the same password in other places, this is a bigger problem. Malware can steal passwords too. However, MFA can save you even when an attacker knows your password. This feature means that every time someone tries to log in to your account, they also need some second factor of authentication, such as the approval of a notification on your cell phone, to log in as you. This makes it much more difficult to hack into your accounts even when threat actors steal your credentials, and, best of all, you are warned that an attempt is being made to gain unauthorized access to one of your services.
6. Update your operating system and software
Not updating software as recommended can leave an open door to vulnerabilities. Before leaving the office, perform all pending system updates, and be sure to review any pending updates and apply them as soon as you return. Again, your IT department usually has processes or tools that force and automate updates. If that is the case, you may not have to do anything. However, sometimes these automated solutions still ask the local user if they can update and reboot now. So be sure to approve the updates before your business trip.
7. If you only use MFA, only change your passwords when you have to:
In past, it has been very common security advice to tell people to change their passwords regularly; like every six months to a year. This advice hoped to protect you from an undisclosed credential leak, hoping you just happen to change the password before an attacker who stole it could use it. However, if you are using multi-factor authentication (MFA), smart security experts now consider this bad advice, for two reasons.
The first reason is the combination of MFA usage and public credential leaks means that nowadays you will likely quickly know when credentials have been stolen and are protected against it. If you use MFA and an attacker tries to use a stolen credential, they will fail to log in at the MFA part. If they try that credential repeatedly, this becomes a logged indicator that someone has your user credentials, allowing you to only prompt them to change their password now that it is out. Also, many huge password leaks show up on the dark web. There are services that can search for users in your domain to see if their passwords appeared in a recent leak, which is another indicator that you should rotate the password. With these two things in place, you don’t have to randomly change your password regularly since MFA protects you when a password is in someone else’s hands, and you only have to change the password when you know the credential is compromised.
“Why not just ask people to randomly change their passwords anyway,” you ask, “as an extra safeguard?” Well, it turns out that forcing employees and users to regularly change their password is irritating enough to them that it encourages them to follow very poor password creation practices. If their password is, “MyStr0ngCr3d”, the first time you ask them to change it, they might not want to memorize something completely new, so they change it to, “MyStr0ngCr3d!”. The next time it might become, “MyStr0ngCr3d!!” and then “!!MyStr0ngCr3d!!” and so on. The point is, this is not a new password at all, but a predictable sequence of just adding small editions to an existing password. Many password and hash cracking tools have methods of more quickly finding such basic adjustment practices.
The point is, if you are using MFA, you no longer have to regularly update or rotate passwords. Rather, MFA can protect you, and you can choose to only change passwords during events or situations where you know a credential has been put at risk. Having said all that, if you are not using MFA, you should rotate your passwords more regularly, and generally insecure pins (anything that is only four to six digits is not very secure) should be changed regularly as well.
8. Minimize location sharing
It is common for travelers to update their social networking sites while traveling to new cities or countries. However, this excessive sharing creates a security threat. Telling everyone you are away makes it easier for criminals to know when you are not in your hotel room or home. Limit the information you post online to limit threats to your property, including your work devices.
9. Lock all devices
It is necessary to use a secure password or PIN to keep your information safe. Keeping tablets, smartphones, and laptops locked when not in use is even more critical. Most of these devices have security settings to lock the device with a fingerprint ID, facial recognition, or PIN. Even if you are stepping away from your computer for only a minute, lock it first if in a public location.
10. Get a cybersecurity solution that fits your needs
Hybrid work and business travel are here to stay, so it is necessary to adapt to their new security requirements. Unified security must be comprehensive, with equally robust protection for all devices and endpoints no matter where they are, along with centralized management and visibility. In our blog, Hybrid work is only feasible with unified cybersecurity, we highlight the advantages of addressing the unique cybersecurity challenges simply and efficiently through a single consolidated platform.