Page 171 - Cyber Defense eMagazine September 2023
P. 171
1. We do not share the same holiday and vacation schedule as cybercriminals
Cybercriminals know that organizations and their employees are quite understandably less vigilant during
the summer months and holidays in general and thus focus on these particular times to take advantage
of a less vigilant workforce. They also know that the summer workforce may be dotted with temporary
staff or contractors that may not have had the same security training as their full-time staff. Many
employees, quite admirably, also continue to work remotely at least part of their days during the holidays
and this creates a very attractive target for cybercriminals...corporate leaders working on company
devices using public Wi-Fi to connect to their headquarters. Everyone has a busy season and
unfortunately for us, the busy season for cybercriminals tends to be holidays, weekends and of course
the summer months.
2. Public devices are just that...public!
Try to avoid using public devices during your travel. It is so enticing to see a very nice, comfortable
business center and decide to sit down and do some work. These devices are always available to hotel
guests and employees around the clock and, in some cases, anyone at all who happens to access the
lobby. These systems can be easily installed and configured with keyloggers or other malware that may
compromise your login credentials and other personal information.
3. Public Wi-Fi is a hunting ground for cybercriminals
There are things you can do, and more importantly as leaders, there are things that you can enforce
through corporate policies that will make your organization more secure. One is to confirm that while
traveling and working outside the office, you are using a secure Wi-Fi connection or simply using your
mobile wireless connection to ensure encrypted transmissions between your device and the Internet.
This can minimize, or even eliminate, the risks of popular attacks like Man-in-the-Middle (MitM) attacks
where you may really be attached to a private router even though you assume that you are attached to
a trusted router, or malware injections where someone else on the same wi-fi network is infecting your
device with malware from another device on the network. Another thing you can do is to use a Virtual
Private Network or a VPN once you connect to your public Wi-Fi. This will create a secure tunnel between
you and your organization in which all data is strongly encrypted so that if the data is intercepted then it
will be essentially unusable to whomever intercepted it.
4. You wouldn’t call a criminal and tell them you are going away so why post it on social
media?
This is the most difficult one to adhere to and to stay diligent about. Who among us does not want our
friends and family to know that we are on a beautiful mountaintop with our loved ones and simply enjoying
life? However, while you are on that mountaintop, it is very evident to cybercriminals that you are not at
your home, and more importantly, you are definitely not at your place of business. This means that there
Cyber Defense eMagazine – September 2023 Edition 171
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.