Support 416-591-6711 option 1 or Email Us

Turn on Out-of-Office Reply for You, Not Your Cybersecurity

Wed, 03 Jul 2019

Pools, patios and cottages from coast to coast are open, and people are flocking to the Great Lakes and the coastline beaches – it’s summertime in Canada. So, throw on your out-of-office auto-reply, turn in your wing-tips and high-heels for flip-flops, and go immediately to the nearest ice cream truck. Take a break and do whatever it is that you do to enjoy the great Canadian summer, just don’t take a break from cybersecurity. Because, while you may be on vacation – the threat actors are not. 

Turn on Out-of-Office Reply for You, Not Your Cybersecurity

Cyber attackers don’t take summer holidays. They don’t put out-of-office auto-replies on or "gone phishing" signs up. They don't throw off their black hoodies and masks to tan on a beach drinking fruity drinks adorned with tiny umbrellas basking in the summer sunshine. They keep hacking and attacking even if you've decided to take some time off. Threat actors also like to use our vacation time, when we relax and are more apt to let our guard down, to attack. To not get burned while on vacation, wear sunscreen and take some necessary security measures so you can relax cyber safe this summer.

 

Take a Break from Work

If you can, do not work on vacation – at all – not even checking work email. This is, of course, good for your mental health. However, it’s also better for the cybersecurity of your company.

Scott Cairns, Cybersecurity Head, T-Systems UK, says "Our research shows a third of employees use free Wi-Fi at locations such as those at airports, hotels, coffee shops and bars, despite these being unsecure and open to communication interception by cybercriminals. Couple this with the widespread practice of employees emailing documents to their private email on their own devices, where security is invariably lower, and you open your organization to potential attacks.”[i]

According to a survey, nearly one-third of employees, 31 percent, use free Wi-Fi. Out of that, 24 percent use hotspots for work-related email and documents.[ii] Free Wi-Fi can be quite costly. An open network can be attacked in under two seconds.[iii] Therefore a device connected for the duration of a coffee, or while waiting to board a plane can undergo a series of attacks. The more attacks, the more likely that one of them will be successful in breaching and obtaining data, cloning, or infiltrating with malware or ransomware.

Another concern that few employees consider are the free USB charging ports at airports that 10 percent of employees admit to taking advantage of.[iv] USB ports can actually be used to transfer malware and viruses to users’ devices.   

Time out of the office on vacation should be time away from work for increased peace of mind and increased cybersecurity.

 

Beware of Holiday Offer Scams

You’re gazing out of your office window at the heat waves rising from the pavement. There are fewer people in the city, they've escaped to parts unknown. You want to escape too. You're dreaming of a big holiday at a big bargain price. You begin to Google and find deals popping up everywhere, then deal emails start appearing in your inbox.

Pop-up banners and emails that advertise too-good-to-be-true travel deals are probably just that. It’s essential to pay close attention to the links you click on, especially from a pop-up, and any attachments that you download. This is especially true on a mobile device as it’s often harder to realize the legitimacy of websites.

According to a McAfee survey, approximately one in eight Canadians have been scammed or almost scammed when booking a holiday online. The results of such scams can be a financial loss in phony bookings, stolen identity, or both. “Nearly one-third of those who fell for vacation scam were defrauded by falling for a deal that was too good to be true,” says the McAfee survey.[v]

Always remember to scrutinize the sender of any files, links, attachments, especially their name and their email address. Check to see if the name and email match. Many threat actors will spoof a display name or email to appear as if from a reputable or familiar brand, varying the spelling or adding punctuation - changes that can be easily missed.

It could be indicative of a scam If there is a sense of urgency, for example, the travel deal is only for the next hour or for today only, or there is an exclusive gift if you purchase right now. The goal is to inspire you to act before thinking or before assessing. The threat actors are playing on your impulses and emotions.

Always use caution when clicking on links if you don’t know where they lead. These could be IP addresses or short links. Don’t click on links if you don’t know what’s on the other end. You can check links using free online tools that show you where a link will redirect too. Here’s an example of a free security tool called Redirect Check. 

Do not download attachments, even innocent looking .PDFs or .DOCs with vacation offers, if you don’t know where they originated or who the sender is. These files probably contain malware that will infect your computer. According to Cisco, 38 percent of malicious attachments are masked as Microsoft Office files.[vi]

 

Beware of anything that seems like too good a deal. Do your research and stick to well-known travel booking sites and you should be ok.

 

You’re Packed and Ready – But, Are Your Devices?

Some essential pre-vacation cyber-hygiene items need to be taken care of.

  • Ensure all OS and security patches are up-to-date on all devices
  • Make sure that each account and each device has its own unique and challenging password that can’t be guessed through social media posts and is not written down for the world to see. Ensure, as often as possible, that 2-factor identification or bio-metric identification is in place.
  • If you’re holidaying without your device, ensure they are powered down and securely stored somewhere like a safe.
  • Make sure your device auto-locks when it’s not in use. Even if you step away for a moment, that’s enough time for someone to steal your data.
  • Back everything up. It’s better to be safe than sorry, so back everything up before you go.
  • Turn off automatic Bluetooth connections. It’s best to disable Bluetooth networking while you’re away. This prevents malicious connection attempts and protects your data.
  • Install a firewall on your devices – this should be a general rule but is of increased import when travelling.

 

For more specific information on how to travel with cybersecurity in mind, check out this post.

 

Oh, one last thing, when you write your out-of-office auto-response, don’t give away too much. The date you’re expected back, and alternative contact information for urgent matters is really all you need. Don’t include where you’re going or any sort of specific travel itinerary. It may seem silly, but this information can lead to increased chances of theft in the physical world and increased phishing schemes in the cyber world.

 

Now, get out there and enjoy your summer vacation!

 

 



‹ Back