Security Awareness Inspired – Part 1
As a frequent traveller, going online has become universal for me. I expect Internet access wherever I am for whatever I need. However, when I am on the road, accessing the Internet can be challenging. Connections may be not only slower but also at greater risk, especially when connecting to public networks or using a public computer in the hotel. The key to using the Internet securely while travelling is to understand these additional risks, use caution, and be prepared.
One of the most effective ways you can protect yourself when travelling is to first take simple, preventive steps before you leave. If you are using a notebook with a corporate image, most of the following tasks are likely maintained by your IT desktop management, but they are nevertheless worth checking frequently yourself, in particular if this is your own device that is not managed by IT.
- Ensure your laptop and smartphone operating systems and applications are on the latest version to reduce their vulnerability to attack (e.g. use “Windows Update” in your program list to check).
- Make sure the firewall on your laptop is enabled. This helps prevent others from connecting to your laptop over the network. Check that your anti-virus software is up-to-date and in good working order (e.g. for both firewall and antivirus, check the status icon in the taskbar).
- Laptops and smartphones are targets for thieves and easy to lose - as we all know and always tell our customers. Enable automatic screenlock on your laptop and smartphone using a strong password or, at the very least, a PIN code.
- If your laptop or smartphone has personal or confidential information stored on it, consider encrypting the information or your entire hard drive. Many organisations already deploy file- and/or whole disk encryption as part of their corporate images. If you are using your own device, consider software for file encryption and/or for whole disk encryption.
- If you set an out-of-the-office message, identify a colleague as an alternate point of contact while you are gone. In addition, do not provide specific details about your trip. If possible, limit delivery of your out-of-the-office message to recipients within your organisation or to people already in your address book.
- Familiarise yourself with the travel safety program of your organisation to see what special services it offers to you whilst travelling.
CONNECTING TO PUBLIC NETWORKS
Always keep in mind that in a public network anyone has access, and your online activities can be monitored by others. In addition, malicious individuals may operate fake Wi-Fi networks that are designed to fool you into using them and potentially attack your system.
When possible, use a sponsored Wi-Fi network hosted by a legitimate organisation. Look for signs with the name of the Wi-Fi network displayed in the hotel lobby, airport terminal, or café. Using these sponsored networks is a better security bet than picking a public Wi-Fi network at random. In addition, when possible use encrypted Wi-Fi networks, and pay attention to the type of encryption. In order from best to worst, the common Wi-Fi encryption types are: WPA2, WPA, and WEP. Even with Wi-Fi encryption, your communications could still be intercepted by other users of the same Wi-Fi network.
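To make the ranking above concrete, the following added example (not part of the original article) sorts visible networks from best to worst protection. It assumes scan output in the layout printed by the Windows command `netsh wlan show networks`; the network names and the `classify` and `rank_networks` helpers are constructed for illustration.

```python
import re

# Article's order, best to worst: WPA2, WPA, WEP. Open (no encryption) ranks last.
# WPA3 is not in the article's list; it is newer than WPA2 and ranked above it here.
RANK = {"WPA3": 4, "WPA2": 3, "WPA": 2, "WEP": 1, "OPEN": 0}

# Constructed sample, abridged from the layout of `netsh wlan show networks`.
SAMPLE_SCAN = """\
SSID 1 : Hotel_Guest
    Authentication          : WPA2-Personal
    Encryption              : CCMP
SSID 2 : Free_Airport_WiFi
    Authentication          : Open
    Encryption              : None
SSID 3 : Cafe_Legacy
    Authentication          : Open
    Encryption              : WEP
SSID 4 : Lobby_Old
    Authentication          : WPA-Personal
    Encryption              : TKIP
"""

def classify(auth, enc):
    """Map the Authentication/Encryption fields to a category in RANK."""
    auth, enc = auth.upper(), enc.upper()
    for name in ("WPA3", "WPA2", "WPA"):  # longest prefixes first
        if auth.startswith(name):
            return name
    # WEP networks report Authentication "Open" with Encryption "WEP".
    return "WEP" if enc == "WEP" else "OPEN"

def rank_networks(scan_text):
    """Return (ssid, category) pairs sorted from best to worst protection."""
    networks = []
    for line in scan_text.splitlines():
        m = re.match(r"\s*SSID \d+\s*:\s*(.*)$", line)
        if m:
            networks.append({"ssid": m.group(1).strip(), "auth": "", "enc": ""})
            continue
        key, _, value = line.partition(":")
        if networks and key.strip() == "Authentication":
            networks[-1]["auth"] = value.strip()
        elif networks and key.strip() == "Encryption":
            networks[-1]["enc"] = value.strip()
    rated = [(n["ssid"], classify(n["auth"], n["enc"])) for n in networks]
    return sorted(rated, key=lambda r: RANK[r[1]], reverse=True)

if __name__ == "__main__":
    for ssid, category in rank_networks(SAMPLE_SCAN):
        print(f"{category:5} {ssid}")
```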
Take the additional precaution of using an encrypted data connection such as HTTPS or a Virtual Private Network (VPN). An HTTPS browser session, usually indicated by the familiar padlock icon, encrypts the information you send over the Web. Many websites and online services allow you to force HTTPS encryption to be used at all times.
If your organisation provides VPN access, always try to establish a VPN connection via the VPN client into the network of your organisation. A VPN connection ensures that all your online activities are encrypted and unreadable to anyone intercepting your communication.
Another option is to use your smartphone as a Wi-Fi access point – if you have a flat-rate data plan and if you are not roaming outside your home mobile carrier's country. If you have a smartphone, contact your service provider about using its +3G capabilities to set up a secure “tethered connection” or “personal Wi-Fi hotspot” for your laptop. In addition, your smartphone’s email and browser capabilities may be enough to meet your needs while on the road. If so, the security afforded by your smartphone’s mobile broadband connection is a better bet than public Wi-Fi.
AVOID USING PUBLIC COMPUTERS
There is no way for you to know who used a public computer before you. It may have been infected or otherwise compromised accidentally, or malware may have been planted on it deliberately. Any information you enter may be stolen by cybercriminals.
Limit your use of public computers to casual web browsing only, such as checking the weather, the status of your flight, or catching up on the news. If you have no choice but to use a public computer to make a transaction or to communicate sensitive information, you have to assume that any information you entered, including the login and password you used, has been compromised. Keep track of the accounts you had to access and change your passwords immediately the next time you have access to a trusted computer and network.
I hope you find this information useful. If you want to learn more about how to establish a security awareness program within your organisation, please visit the Symantec Security Awareness Program website. This program helps you to train your employees to understand information security issues and behave in a manner that minimizes risks.
Note: Some of this text, although modified, has been taken in part from “OUCH!”, the monthly security awareness newsletter from SANS Institute, http://www.securingthehuman.org/resources/newsletters/ouch