A new study of 2000 people, created by online learning platform ELVTR shows that 64 percent of workers state they carry out some form of work on vacations, sometimes connecting to Wi-Fi networks in order to complete tasks.
This pattern is often encouraged by their employers, as 1 in 4 workers said they get asked to check their emails while on vacation by their bosses.
One concern is that to carry out work tasks many of the Wi-Fi connections used are unsecured and hence unsafe. According to Nazar Tymoshyk, cybersecurity expert and CEO of a cybersecurity startup UnderDefense, such actions can cause a substantial threat to both employers and their employees.
The main security risks associated with working on personal laptops and connecting to hotel Wi-Fi n etworks are set out by Tymoshyk as: “Rogue access points pose a significant risk. Attackers create fake Wi-Fi networks resembling legitimate ones in hotels. When users connect, attackers intercept their internet traffic, potentially stealing sensitive information like usernames, passwords, and business credentials. This “man-in-the-middle” attack allows attackers to monitor and manipulate data transmission.”
Website spoofing is another risk. Here Tymoshyk explains: “Attackers redirect users to fake websites resembling legitimate ones, such as banking or email login pages. Users unknowingly enter their login credentials, which attackers capture, granting unauthorized access to private accounts. This phishing attack leads to identity theft, financial loss, and compromised data.”
Based on the above issues, the potential consequences for both workers and employers are severe. As Tymoshyk explains: “Workers face the risk of exposing personal and corporate data to attackers, resulting in identity theft, financial losses, and reputational damage.”
Drawing on an example, Tymoshyk says: “For employers, consequences are severe, including theft of sensitive data, compromise of intellectual property, business disruptions, financial losses, regulatory non-compliance, and reputational damage. Failure to implement security measures or experience a data breach can lead to legal and financial liabilities.”
For workers to minimize the risks while working and traveling, Tymoshyk makes the following six recommendations:
- Use a reputable Virtual Private Network (VPN) to encrypt internet traffic and protect sensitive data.
- Enable Two-Factor Authentication (2FA) for all accounts to add an extra layer of security.
- Keep all software, including operating systems and applications, up to date with the latest security patches.
- Exercise caution when clicking on links or downloading attachments, especially from unfamiliar sources.
- Utilize strong, unique passwords for all accounts and consider using a password manager.
- Be mindful of the security of personal devices and use reliable antivirus and antimalware software.
If insecure Wi-Fi networks have been used, Tymoshyk recommends:
- Change passwords for all important accounts, using strong, unique passwords.
- Monitor financial statements for any suspicious transactions and report them to the respective financial institutions.
- Perform a thorough scan of the device using reputable antivirus and antimalware software.
- Enable account notifications to receive alerts for any unusual activities.
- If concerns persist, consult with a cybersecurity professional or the IT department for further guidance on potential risks and mitigation measures.
The above can be strengthened when employers have robust cybersecurity measures in place.
