Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
What Are the Risks of Employees Going on a 'Hybrid Holiday'?
As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.
2 Min Read
Source: Anastasia Nelen via Unsplash
Many employees are requesting a "hybrid holiday" — where longer holidays are booked with the intention of spending time working remotely from the travel destination. In a Virgin Media O2 survey from earlier this year, 76% of workers polled said they were considering adding remote-work days around their annual leave to extend their time away.
Question: What are the risks of employees going on a hybrid holiday?
John Ayers, Interim CISO and Vice President of Product, Advanced Detection, & Response at Optiv: Threat actors are like any other criminals — they do reconnaissance, and social media has become the best recon tool in the trade craft. With employees now looking to combine work with holiday plans, this has only increased the security risks for users and their companies.
Let's take an example of going overseas to Rome. It's a nice place to visit, but you also need to work. First, Internet is not a "like for like," meaning the type of access you would have there is not like yours at home. Yes, we all have been led to believe coffee shop and hotel Wi-Fi is OK to use since COVID — but it is not.
Second, not all locations are friendly. Most companies should be deploying, or have already deployed, geo-blocking in order to prevent employees from connecting in countries or locations with high risk or out of the US. Geo-blocking is a great tool to prevent and deny all access from a region. Most CISOs today need to protect access to data, which means denying access from devices based on location. They are trying to prevent MitM (man-in-the-middle attack). Why is that important? MitM employs someone setting up an access point that might not be what you think it is.
Each time you fire up the laptop or mobile device and log into Amazon or your work email, you are practicing what we call "data in motion" using the rogue Wi-Fi connection, which is now collecting all that data.
The risks here are:
Location. You now are advertising where you are.
Browsing history.
Purchasing. Yes, the credit card you used was just compromised. How do you avoid that? Tether your device and get an Internet plan with a secure option. I have used TEP Wireless because it grants me access wherever I go using an always-on VPN. Check with your company about traveling — especially out of the country.
So, the next time you try to take vacation and look to access your company's email and OneDrive, remember this: Using public Wi-Fi is like buying sushi at a gas station — you never know how sick you will get until you consume it.
About the Author(s)
You May Also Like
More Insights
Webinars
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024