A majority of your employees may be exposing your system to threats while traveling, a recent study found. A threat management firm surveyed 1000 US employees to gauge their understanding of cybersecurity best practices while working remotely. 3 out of 4 of every respondents claimed that they knowingly used public Wi-Fi connections while on company-provided devices, and about 3 out of every 5 said they accessed their work-related emails and devices as well. 1 out of 5 had previously left work devices unattended while traveling.
Vulnerability from Cybersecurity Ignorance
The study highlights a reality among employees concerning cybersecurity best practices while traveling or even working remotely day-to-day. Though about half of those surveyed claimed they knew there were existing guidelines for the use of their devices outside of the office, the other results indicate that either they were unaware of the basic obligations or knowingly ignored them. More often than not, the former accounts for most cybersecurity guideline noncompliance and even those that claimed awareness were actually misinformed.
Traveling Employees are a Hacking Target
Cybersecurity practices while traveling represents a bigger gap than many businesses might realize – some cybercriminals have specifically targeted people in transit. Hackers have gone as far as infiltrating hotel networks to spoof Wi-Fi connections or even install keylogger programs in business center computers. This indicates that attackers are very aware that visitors drop their safeguards while on business travel or vacation and can be more easily exploited.
The rise of socially engineered hacking methodologies creates a danger of cybercriminals leveraging traveling personnel as a dedicated attack vector. Flippant use of social media, GPS-tracking software or any other channels that could provide snippets of personal identifiers permits hackers to build profiles on victims once they are able to piece together enough information.
More than Cybercrime
This also supplies hacktivists, nation-state hackers and any other politically-motivated cyber attackers with a means to bring down targets by conducting research into “weak link” employees with system access but less security. Committed surveillance of their social network or other online activity will allow hackers to plan for traveling periods and take advantage of the decreased security awareness to plant malware in their workplace devices.
Throughout 2018, federal agencies noted several private and public organizations fell victim to phishing attacks by Russian-backed hackers, and experts have seen a resurgence of corporate espionage by Chinese cyber actors since the beginning of the trade war. Both groups are aggressively seeking out vulnerabilities in American systems for a mix of monetary and political reasons, and employees of US companies are a primary target.
Educate Your Employees on the Risk
As demonstrated by the survey results, the lack of compliance with organizational cybersecurity practices while traveling likely stems from not having a true understanding of what this means. Ensuring employee buy-in on your security policies requires you to communicate these guidelines in a way that they can understand intimately.
Read through these seven methods for gaining employee buy-in for your cybersecurity practices to help you determine the best way to bring attention to this issue.