How to lower your cyber exposure over the holiday weekend

Over Fourth of July weekend, as nearly 50 million Americans get ready for a quick getaway, seven in 10 travelers plan to bring along the device they work on, according to Snow Software.

But on-the-go workers who hop on seemingly innocuous airport or hotel Wi-Fi connections to answer an email or two could risk exposing data to hackers.

Standing between workers and the limitless potential of the web are man-in-the-middle (MITM) attacks, a method third-parties use to intercept data from devices in unprotected networks. They're more likely to take place in public spaces, airports and hotels.

"When connected to email servers and websites without using SSL/TLS, a hacker or other malicious actor could take actions like reading your content, injecting bad code into your sites and messages, deploying malware or ransomware," said Francis Dinha, CEO and co-founder of OpenVPN, in an email to CIO Dive.

Aside from substantial changes (think suspicious images or content) to sites people are already familiar with, there may not be an obvious tell that such an attack is underway.

The MITM method is one of the many ways workers can expose data as they work remotely over the holiday break.

Cyberattacks in general are more likely to target places with high traffic, especially tourist traffic, said Ashish Gupta, CEO of Bugcrowd.

"If you must connect to public Wi-Fi, stick with password protected networks," Gupta said, in an email to CIO Dive. "Connecting to unsecured networks can leave devices open to exploitation and data harvesting."

Charging stations are another seemingly harmless technology that may hide cyberthreats. If compromised, they can be used to hijack any device connected to them.

Here are more cybersecurity best practices from Gupta:

Be wary, trust your instincts: If an email, a Wi-Fi network or any other digital platform seems shady, there's probably cause for concern.
Roll up your digital windows: While traveling, keep your laptop locked, hard-drive encrypted and firewall on.
Stay off Wi-Fi: Use a personal hotspot to connect to the internet.
Mind the onlookers: Use a privacy filter for your laptop and mobile phone screens.

Cyber safeguards

For workers hopping on borrowed or publicly-available work stations, turning on two-factor authentication (2FA) can help safeguard personal information, said John Bennett, General Manager of LastPass.

"That's especially important if you're using a hotel computer or stopping at an Internet café to check email and credit card accounts," said Bennett, in an email to CIO Dive. "Also, make sure never to click 'Remember Me' on a public computer, and clear the cache when you're finished."

Beyond the digital realm, there's a number of real-world safety measures that can reduce the risk of an attack.

"Laptops and smartphones are likely targets for thieves during high travel periods," said Humberto Gauna, information security consultant at BTB Security. "Thieves know that most valuables are in carry-ons, and may target those that are made for carrying laptops. While it might seem obvious, don't leave your bag unattended or not within arms-reach when traveling."

While working remotely, a privacy screen should be in place to keep onlookers from jotting down any sensible information or passwords.

"Sit with your back to a wall in public spaces and make sure there no one is shoulder surfing," said Gauna, in an email to CIO Dive.

If traveling abroad to a high-risk region, Gauna recommends the use of a "burner" phone with only essential data and apps installed.

Bluetooth, Wi-Fi, and near field communication (NFC) capabilities should be turned off all devices when not in use to deter hackers from using those channels to get access, said Gauna.