Intelligent CISO Issue 76 | Page 42

expert

OPINION
If , while travelling , your endpoint device is infected with malicious software like viruses , there ’ s a chance you could infect your corporate network .
Another important point is not to install random stuff on your computer for which you don ’ t know the legitimacy . When travelling , sometimes you need different kinds of tracking software , especially if you are in different countries , and especially now with a lot of countries asking for certain kinds of trackers at airport immigration for example . Make sure you install the right one and not some weaponised files which might be floating around the Internet .
It ’ s also really important to be aware of with whom you share your devices . Don ’ t let someone else use your laptop , even quickly to just browse a website or check some emails . This is really dangerous because if someone else connects to their own inbox , this could lead to you opening a certain file and downloading malicious stuff onto your computer . The same holds for connecting USB sticks from others to your computer . You never know what kind of software is stored on a USB stick ; it may automatically run once it ’ s connected to your system . I highly recommend never using a USB stick from others .
Also , don ’ t leave your laptop unlocked near others , even if it ’ s just for a moment . Always make sure your computer is locked and that it has a complex password . The best case would be to utilise a password manager , so you don ’ t have to remember your passwords for all your websites but they remain secure .
For IT admins , there are a lot of good things we can be doing to make cyberhygiene a much better environment . For example , we should enforce updates on computers by default and always make
sure that administrative privileges are only given to the people who really need them . We need to understand certain behaviours happening on these endpoint devices and know which kinds of systems are becoming end-of-life . For example , if someone in your finance department is using a lot of Power Shell scripts , note that this is irregular for a finance department .
Data in laptops should always be encrypted in case of a loss , which can happen very easily when people travel . Laptops get stolen or are lost , and if you don ’ t encrypt the system , even with a password on the device , it ’ s not that difficult for threat actors to get access to the data in the end because they have physical access to the device itself . You should always have an inventory of all the hardware and software in your company , especially if people bring back different kinds of devices to your network , so you know whether it ’ s your own device or not . And even if you think you have everything under control , you should always have an incident and response plan so you know what is going to happen if a laptop gets stolen .
How can employees continue to work from anywhere while travelling and connecting to their essential networks ?
If possible , don ’ t connect to public Wi-Fi , especially if a lot of people are around the network . If you can connect to a public Wi-Fi , pretty much anyone in that area can as well , and you are not in control of what is happening on this network . You don ’ t know who is on this network or what they are doing because you don ’ t control the security . If the network has bad security , then you now enable your system to be scanned directly by other people on this network .
I recommend different kinds of solutions to solve this problem . The best case would be to buy a SIM card from the specific country you are travelling to , to create your own hotspot , where only you are part of the network . If you travel around to different countries , another option is to buy a mobile Wi-Fi router and only use it by yourself . This way , it ’ s very easy , no matter where you are , to access this environment with usually low costs . And no matter what , if you must join a public network , avoid any sensitive task . Don ’ t do online payments or log into your bank accounts . This brings down the possibility of you being involved in a cybersecurity incident .
42 WWW . INTELLIGENTCISO . COM