How to help ensure cyber safety this summer
By Lewis Pope
You’ve been waiting and planning all year. The sunscreen is packed, the neighbors have a spare key to water the plants while you are away, you made sure to set your out-of-office notifications, and emergency contact information has been updated. It is time for vacation season!
There is a lot to do to help ensure an enjoyable and safe vacation. But what if getting a few hours of work in while you’re traveling or enjoying a sunrise over the water is on the agenda? Not everyone likes the idea of taking work with them on vacation. Some see it as an opportunity to get ahead, to not fall behind, or maybe they just love their job that much. Whatever the reason, making sure that end-users who are working on vacation are still protected is an important task MSPs and IT departments.
Let’s look at what we can apply from those lessons learned to keep end-users safe when traveling during the summer vacation season.
Cybersecurity awareness training
Getting end-users to take ownership of risk through cybersecurity-awareness training is important. You likely already have some sort of cyber hygiene training program in place. Some training programs even have modules specific to international travel. It’s a great idea to have an end-user complete new cyber hygiene training just prior to their scheduled vacation to keep the lessons learned fresh in their mind.
Update all the things!
This is one of the most basic—but very effective—way of keeping users safe. Make sure all systems a user takes with them are fully updated. This includes not just OS and applications, but also firmware and even a user’s personal devices that may be used to access company resources while traveling. Tools like N‑able’s Patch Management can help automate this process for laptops, workstations, and servers.
A fresh, hardened laptop computer for international travel
This one might be hard where budgets are tight but can be an effective step. If an end-user will be doing extensive traveling during their vacation, consider providing them with a freshly loaded computer that is fully patched and has your full security stack installed. This can reduce the chance that a user takes an already compromised system with them as well as ensuring the system is hardened and in a known good state. When the user returns from vacation, they can go back to their regular computer and the travel laptop gets prepped for the next user who goes on vacation.
Encrypt all the things!
BitLocker is the drive encryption technology of choice for many as it is a native component of Windows. Even smartphones support device encryption. If a device is lost while on vacation, you need the confidence and audit trail to be able to say the device is encrypted and cannot have its data retrieved.
Enforce idle timeouts
It’s easy enough for an end-user to forget to lock their device under normal circumstances. Add in the excitement of a vacation and it’s almost guaranteed. Setting devices to lock after a specified time can help prevent these situations, which is especially important when devices are being used in public areas.
Avoid public Wi-Fi networks
Most public Wi-Fi networks are going to have minimal or no real security measures in place. Wi-Fi connections that do not require credentials are subject to being intercepted and manipulated by a physically present attacker. Have users take advantage of their phone’s hotspot, issue them a cellular hotspot to use, or provide a secure VPN service.
A browser VPN won’t save you
Search for VPN on Google and you will get results for tons of services offering web-traffic anonymization and safety. While these services might protect you from advertisers and data brokers, it won’t offer the security controls needed for business environments. A solution like a DNS filter is a better option for SMBs.
Improve end-user device security
Anything you can do to make an end-user safer while they are away on vacation makes their life and the IT support team’s life easier. Having an endpoint-protection solution with detection and remediation capabilities can help keep remote support tickets to a minimum by keeping users out of trouble in the first place. If and when they do get into trouble, having automatic remediation and rollback capabilities offered by solutions like N‑able’s EDR will reduce downtime for the end-user and help keep any nasty surprises from coming back home with the device.
Use agent–based DNS and content filtering
Once an endpoint is no longer on the office network, it loses any protection that may have been provided by firewalls or other network security appliances. N‑able’s DNS Filter currently available in N‑central and web protection available in N‑able RMM provides agent-based protection no matter what network the device is connected to.
Backup devices before and during if possible
A laptop gets dropped in the pool. A phone gets left in a ride share. The sun bakes a tablet left on the sand. There are thousands of ways for things to go wrong on a vacation that result in the loss of data. Make sure devices and data are fully backed-up prior to the trip. If possible, use a bandwidth efficient, cloud-first backup solution like N‑able’s Cove Data Protection that will let you perform device backups no matter where they are.
Never use public computers
While those complementary computers at the hotel might seem like a life-saver, their use should be reserved for emergencies and one should avoid logging into business or personal accounts while using. You have no guarantees about the state of the computer or the network to which it’s connected.
Social media
Everyone wants to share pictures of the places, food, and fun they’re having while on vacation, but avoid oversharing or sharing live in the moment. If someone is gathering information on you via social media to prepare for a focused social engineering attack, you want to deprive them of as much intelligence as feasible. Depriving an attacker of this knowledge can help reduce their effectiveness. Consider waiting until you’re back from your trip and curate the best-of-the-best to post or schedule your social media posts to drop after you’re already home from vacation.
MFA all the things
While this should be standard practice at this point for MSPs and their clients, all services and devices that support MFA should have it enabled. When an end-user is traveling, especially abroad, it makes it more challenging to monitor and audit their access to systems. If an end-user will be travelling and they need access to a service that does not support MFA, consider providing access to this service only over a secure VPN connection that itself requires MFA.
While this list could go on for quite a while, it would be almost impossible to list all the available actions you could take to make your summer cybersafe. The important thing is to check in with lessons learned during WFH and make sure to cover the basics.
Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd
LinkedIn: thesecuritypope
Twitch: cybersec_nerd
© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
This document is provided for informational purposes only and should not be relied upon as legal advice. N‑able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.
The N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common law marks, are registered, or are pending registration with the U.S. Patent and Trademark Office and with other countries. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.