XM CYBER TEAM
The XM Cyber team consists of the best cyber security specialists in the world. Their thought leadership helps inform and educate customers globally via webinars, videos, articles, books and industry presentations. Join us online at xmcyber.com for more in-depth analysis and recommendations on cyber security best practices.
Taking a break from the office? Awesome. But don’t take a break from cybersecurity. If you work on vacation – or if you own or manage an organization and expect your team to work during their vacation – you need to review, learn and teach some cybersecurity measures to help protect everyone from the bad guys.
Use these travel-inspired “to-dos” to boost your confidence and peace of mind, not only when planning, but also while enjoying your well-deserved time off.
LOCK DOWN YOUR LOGIN
Your usernames and passwords are not enough to protect key accounts like email, online banking, and social media. Get ready for your summer trek by fortifying your online accounts and enabling the strongest authentication tools available, such as biometrics, security keys or multi-factor authentication.
THINK BEFORE YOU APP
OWN YOUR ONLINE PRESENCE
Not everyone has to know about your travel escapades: Set the privacy and security preferences on web services and devices to your comfort level for sharing. It is okay to limit how and with whom you share information – especially when you are away.
ACTIVELY MANAGE LOCATION SERVICES
Location tools come in handy while planning your trip or navigating a new city, but they can also expose your whereabouts – even through photos. Turn off location services when they’re not in use.
GET SAVVY ABOUT WI-FI HOTSPOTS
Do not transmit personal info or make purchases on unsafe networks like those in local cafes and hotel lobbies. Bad actors can spoof what may look like legitimate hotspots to lure victims to send traffic such as emails, passwords, and documents through their equipment, thereby stealing data.
TURN OFF WI-FI AND BLUETOOTH WHEN IDLE
When Wi-Fi and Bluetooth are on, they connect and track your whereabouts. If you do not need them, switch them off.
FAILING TO PRACTICE SMART SAFETY PROTOCOLS DURING CLOUD MIGRATION
While the previous examples are somewhat evergreen to IT, here’s one that is especially relevant today. As companies rush through cloud migration, they often put unrealistic demands on their overstretched security teams.
They also fail to consider the specific challenges inherent to security in a hybrid environment. Security teams need to consider on-prem security objectives, cloud security objectives and, most importantly, the interplay between on-prem and cloud. This is illustrated by the stream of major cloud security incidents we’ve seen lately, often arising from a simple misconfiguration or some other seemingly obvious security flaw. AWS and other cloud environments are also at elevated risk of attacks from advanced persistent threats (APTs), which can embed within networks and move laterally, escaping detection for weeks or months.
Other common IT security fails include:
• Implementation of standard IT networks into operational networks
• Poor IT hygiene (changing permissions and forgetting to switch them back)
• Vulnerabilities related to data maintained on third party supplier/customer networks
• Improper connection and USB errors that can jeopardize even air-gapped networks
SO WHAT’S THE SOLUTION?
As noted above, human nature is the ultimate security vulnerability. You can have the most advanced vulnerability scanners, penetration testing, patch management tools etc., but you still need to account for how people are hardwired to think.
Given that IT security fails are inevitable, it’s imperative to use the most rigorous and continuous testing tools available. For APT IT security, breach and attack simulations (BAS) fit that description quite well.
A relatively new technology, BAS platforms simulate the most likely attack paths taken by APTs and expose these gaps. In this way, BAS platforms act much like red teams, ethical hackers who help launch attacks in controlled environments in order to test defenses. Once issues are exposed, prioritized recommendations are issued.
There is one critical difference between BAS and red teaming, however: Advanced BAS platforms offer automated testing. Instead of relying on pen testing every few weeks, organizations can assess the state of their security 24/7, 365 days per year.
Currently, this level of automation provides the gold standard in APT IT security, as it effectively addresses all the modern IT failure points outlined above through automation and continuous testing.
Like death and taxes, IT security fails will always be with us. Yet by accounting for human nature — and using cutting-edge solutions such as BAS platforms — organizations can greatly reduce their risk of becoming the next high-profile IT security fail.
PROTECT YOUR $$$
Be sure to shop or bank only on secure sites. A web address with “https://” means the site takes extra security measures. However, an “https://” address alone does not mean a site is safe: fake websites can use HTTPS, too.
NEVER USE PUBLIC COMPUTERS TO LOG INTO ANY ACCOUNTS
Be extremely cautious on public computers in public places like airports, hotel lobbies and Internet cafes. However, if you need to log in from such places, make sure you clear the cache and browsing history and delete all the temporary files from the computer. Also, never allow the browser to remember your ID and password. Or just go incognito.
SHARE WITH CARE
Think twice before posting pictures that would reveal you are not home or that you would not want certain people (like your parents or employer) to see. In addition, remember to post only about others as you would have them post about you. The golden rule applies online, too.
BEFORE THE BREAK, BACK IT UP!
One of the most important steps in creating an effective plan is to figure out how often data, particularly your critical files, your “crown jewels,” need to be backed up. The good news is that there are now more user-friendly backup options. Some software solutions on the market automatically back up data at selected intervals, to make the process easier to manage.
If you practice these travel-inspired to-dos, you will have a safer and more secure vacation.