Mobile and remote working is now the norm, yet many employees are unaware of the threats they face. Danger areas include hotels, conferences, airports and shared computers. The targets for attack include smartphones, tablets, laptops and storage devices such as USB drives.
In March 2015, Wired Magazine reported that researchers had discovered a vulnerability in hotel Wi-Fi routers allowing attackers to distribute malware, monitor and record data sent over the network. The researchers even found it was possible to gain access to the hotel’s reservation and keycard systems.
Locking your mobile devices in the hotel safe may be little protection from theft, as demonstrated by the hacker who conducted a security audit on the safe in his hotel room, gaining access in less than a minute using just a paperclip and a multi-tool.
Conferences often provide free Wi-Fi which may be vulnerable. Delegates are usually given materials on a USB stick, which can be infected with malware. Recently, I found a USB stick received at an international security conference contained three pieces of malware, without the organisers’ knowledge.
Airports are a favourite target for criminals. One laptop is stolen every 53 seconds in US airports according to a Code 42 report. Most are never recovered. And again, airport Wi-Fi connections can present a real threat, as can public computers in business lounges. In 2011, staff found USB keyloggers in three library PCs in Cheshire, so the chances of a similar occurrence in a high-traffic environment like an airport must be significant.
Read more about remote working and security
- One third of remote-working staff admit losing unsecured mobile devices and putting data at risk, a study shows.
- Businesses will increasingly provide remote support for tablets and smartphones, but security fears are still an obstacle.
- The Ponemon Institute says enterprises are devoting millions of dollars to mobile application development, but barely any of the money is focused on security.
Tips to protect a laptop or mobile device
- Keep your mobile devices with you whenever possible;
- Keep your mobile devices in sight at all times;
- Never leave your mobile devices in your car or hotel room (even in the hotel safe!);
- Switch on “Find My Phone” (or tablet);
- Only connect to trusted networks;
- Use a long passphrase as your laptop password;
- Use a good password or a long PIN on your smartphone and tablet;
- Minimise sensitive information you keep on your mobile devices;
- Turn off Bluetooth and wireless when not in use;
- Full disk encryption is the best defence for laptops.
Tips for protection on public and hotel Wi-Fi
- Remember that open Wi-Fi networks allow hackers to intercept just about everything, so never use public Wi-Fi for sensitive information;
- Do not use the same password for websites and corporate systems;
- Ensure your email connections are encrypted;
- Use a corporate VPN whenever possible.
Tips to minimise the risk of attack on public computers
- Ensure people cannot see your screen or keyboard (sit with your back to a wall);
- Do not use public computers for sensitive information;
- Use "private browsing" if you can;
- Use https rather than http whenever possible;
- Never use "save password" or "remember me" options;
- Clear recent history and close the browser before you leave;
- Delete any attachments or files you may have downloaded.
Tips to avoid USB attacks
- Never plug in a USB device without having it checked by your security or IT department;
- Never permit anyone to plug their USB device into your computer (even “just to charge it up”);
- Do not trust any USB device, even if it appears to be “factory fresh” or received at a conference;
- Do not plug any unchecked USB devices into your home computers either!
Peter Wood is CEO of First Base Technologies LLP