When not only employees but also company devices go on the road: IT security tips

Surveys show that more and more Swiss people are also reachable during their vacations and answer work-related mails, SMS or other messages. This may be done from devices that are not included in the secure corporate network. A reply to a corporate email may be exposed to a cyber threat that the user has no idea about.

General IT security tips

Cisco Security Expert Bremtane Moudjeb describes how to behave properly and keep the risk of cyberattacks as low as possible with a few IT security tips. "Cyber threats are more sophisticated today than ever before. Of course, only the most advanced technologies will help with complex attacks, but even ordinary users and small businesses can make their protection more effective by following a few simple rules. This is especially true during the vacations because we are out of the office and not using a secure corporate network," says Bremtane Moudjeb. "The IT industry also offers security technologies, such as VPN or Secure Internet Gateway for secure email and secure access to corporate data. Communicating over a cellular network (e.g., 4G) is a good alternative because it uses encryption. Using a VPN over a cellular network adds an extra layer of security for users. Additionally, there are alternative collaboration tools, such as Webex, that ensure a protected platform for enterprise communications regardless of location."

Seven important tips for secure email during the vacations

1.  Don't trust public Wi-Fi security: One of the risks is that other people's devices infected with malicious software are connected to the same Wi-Fi network. Through this WLAN, the malware can also reach your device and spread to your corporate network. If you need to respond to business emails urgently, use VPN - virtual private network - or prefer mobile data instead.
2.  Use VPN connections or a secure Internet gateway: When you send business documents from your computer over WLAN or wired network outside your business network, you use a so-called virtual private network (VPN). How does VPN work? Your computer acts as if it is connecting from your business. If you know you'll need to work during the vacations, ask your IT manager about VPN connection settings. The current trend in protection for remote connections is the so-called secure Internet gateway, which provides a first line of defense against cyberattacks. Cisco Umbrella, for example, prevents access to dangerous sources before a connection is established or a file is downloaded.
3. Before you go on vacation, back up your data: A backup is one of the most important security basics. Make sure that all the data you need to work with even during the vacations is stored in your company or back up your data on an external drive that you do not take with you on vacation.
4.  Never rely entirely on the security of HTTPS pages: There is a widespread assumption among users that encrypted websites, usually with "HTTPS" and the lock icon in the address bar, are perfectly safe. Although encryption improves user privacy, it is increasingly being used by hackers. "Today, 50 percent of all websites are encrypted. However, finding a malicious file in encrypted communications is a big challenge. Only a very advanced security solution that uses machine learning or artificial intelligence is capable of doing that. That's why we need to keep a special eye on these websites that people connect to, because at first glance they seem very secure," warns Bremtane Moudjeb.
5.  Avoid working on public devices in an Internet café: You should not use devices that are not intended for work. Never send business messages and documents from public computers in an Internet café. You can never be sure that the owner of the Internet cafe protects his computers with sufficient security technology.
6. Communicate only through corporate accounts: Corporate policies typically state that all business communications must be done through corporate accounts - whether it's email or another work tool. However, there may not be access to the corporate account when there is an urgent need. In this case, caution should be exercised when using from the private email account that is not included in the company's security network. "Email is still the most popular communication platform today and also still the most common way for infected software to enter the device. A good alternative to email is collaboration tools that use specialized encryption and protection. I also recommend colleagues, partners or customers to use tools such as Webex Teams," says Bremtane Moudjeb.
7.  Do not send confidential data to third parties: This rule applies not only during the vacation season, but in general. Disguised e-mails aim to request confidential information, such as bank data or login passwords, in order to then misuse them. These are not always easily identifiable, so extra caution is needed with such emails. Similarly, cybercriminals like to use the vacation season to demand unauthorized payments. They assume that employees do not like to disturb their bosses during the vacations, and thus false transfers are made.

Recommendations for companies

Companies should also follow some IT security tips so they don't want to unnecessarily expose employees (and their own company) to cyber risk during the vacation season:

1.  Comprehensive protection of corporate communications: The first step for companies that don't want to risk their employees getting an unwanted surprise should be to deploy a solution that protects all email communications.
2. Security from the cloud: The Secure Internet Gateway monitors the current security situation globally and protects those devices that are not connected via VPN. The solution blocks current and future threats, preventing access to dangerous domains, URLs, IPs and files before a connection is established or a file is downloaded.
3. Endpoint security solutions to protect corporate data: These solutions can track who is logged in, when, from which devices and where, and identify or defend against security threats. The administrator has an overview of what is happening on the corporate network.

The ideal solution is a combination of all these compatible tools. The key to successful protection is a threat intelligence concept and a cloud-based approach that monitors all the latest threats in the world, sends data to security solutions, and then updates and protects them against new malware.

Source: Cisco