Diving into the Deep End of Holiday Security Risk
We are in the middle of the holiday season and while it may be the most enjoyable part of the year, it’s definitely not the safest part of the year. We all take our technology gear with us on holiday, as we told the kids there will be internet available. And us corporate types want to connect quickly to the corporate network in case an urgent problem may pop up. But hackers also go on holiday too, and they also bring their tools along, as they love their job as much as we do. In fact, cyber-attacks on tablets and smartphones is exploding and it does not stop in July and August.
Eavesdropping on your hotel swimming pool Wi-Fi?
As we slip into “relax max” mode on holiday, we all tend to become less vigilant and that’s dangerous! So when you use your tablet, smartphone or laptop while on holiday, there is an important thing to keep in mind: public Wi-Fi networks are indeed very public. You may feel secure as you bring your own device, but in fact, you are not.
On a public network, you are sharing the network with strangers. As this recent post from Krebs details, there are powerful hacking tools readily available that can snoop on your communications. It is advised not to do anything on a public Wi-Fi network that you do not want an eavesdropper to know. Watch out with usernames and passwords, especially when you connect to your business applications and corporate resources. Your entire digital life can be exposed.
A good general rule is to assume that anything you do over public Wi-Fi is part of a public conversation. It also seems that some devices just broadcast your location history so those snooping strangers can find out where you have been.
Staying safe on the road
The top 8 rules to respect while travelling or surfing at the swimming pool are:
- Make sure that you connect to the correct network. It is very common for hackers to spoof resort Wi-Fi connections with similar names as “Hilton Wifi”. Sometimes, it already starts in the plane: you do not have connectivity, but you can see “inflight WiFi”. It is peer-to-peer connectivity and many people fall for it and give up their login credentials.
- Make sure your connection to a website is encrypted. Watch for ‘https’ instead of ‘http’ in the URL address and look for the little padlock in the address bar.
- Use VPN connectivity when connecting to your business applications.
- Never use FTP or other services that are not encrypted.
- Use two-factor authentication on all applications that allow you to do so.
- Don’t set your device to connect to public Wi-Fi spots automatically.
- Don’t advertise your travel plans or trip updates on social media.
- Make sure that you have installed tracking/remote wiping software in case your device is lost or stolen.
Also, before I travel, I always make sure that all of my devices are backed-up, that applications and operating systems are patched and that I’m running with the latest updates from my security solution providers on all of my devices. And maybe the best advice is still this - don’t connect to internet during holidays at all. Try a digital detox and instead have fun and send me some good old-fashioned postcards.
Ciao for now.