Cybersecurity solutions company Kaspersky reminds the public that as they go on a break this week (or anytime during the dry season) to be more vigilant when it comes to digital security practices.
Travel bookings online and making cashless payments offer so much convenience that we often become complacent not only about passwords but also about the networks we connect our devices.
“Security-first thinking opens doors for a more enjoyable holiday break, especially for Filipinos who are among the world’s most active online users,” said Chris Connell, managing director for Asia Pacific at Kaspersky.
Both individuals and companies are advised to be extra mindful of personal cybersecurity best practices and internet hygiene when on a holiday.
For companies, Kaspersky suggests to:
1. Conduct drills
- Emphasize to vacationing employees why data encryption, two-factor authentication, strong passwords, and locking devices when not in use are important.
- Discuss the steps to take if their device ends up getting stolen.
- Advise staff about charging smartphones in a wall socket, not through USBs at airports and other public places. These can be used to steal data from a device and infect it with malicious software, such as spyware.
- Educate employees about the dangers of public WI-FI (and even hotel WIFI unless it is encrypted and password-protected) and how to use a secure connection such as with a VPN.
2. Make it a habit to log out of their devices
- Terminate unnecessary VPN connections to the corporate infrastructure.
- End unnecessary sessions that employees have left on any devices for an extended period. This also applies to corporate messengers, web apps, and any other services.
- Check that the list of employees with access to the corporate network via VPN or RDP includes only authorized users. Revoke access from those who don’t need it.
- Create special “emergency” admin accounts for potential incident response over the holidays. The rights granted to regular admin accounts can even be temporarily restricted so that attackers cannot exploit them.
3. Install patches for all key applications. This process is far simpler if your company uses security solutions with a built-in patch management system.
Kaspersky encourages individuals to:
1. Only browse trusted apps and websites and be careful about the personal information you input like credit card numbers or home addresses.
2. Do not click on links or open email attachments from travel sites when receiving confirmations. Trusted companies include such letters in the bodies of their emails. Malware is often disguised as an attached confirmation letter.
3. Bring two or three or more credit or debit cards to have a backup plan in case of loss or needing to cancel one.
4. Never leave valuables unattended. Put large amounts of cash and mobile devices or laptops in the hotel safe.
5. Use a credit card as most have built-in protections against fraud. There is no protection against a scammer if you send them cash or even check or debit card payment in some cases. A money transfer service is not advisable.
6. Ensure their devices have security software installed, ideally with anti-theft technology.