In this special blog Martin Kraemer, Security Expert at KnowBe4 notes the heightened dangers that holidaymakers face, who take advantage of a more relaxed and mind state, known as ‘holiday brain’.
“The biggest problem with checking work emails during the holidays is not only that you don’t have time to pull the plug and relax completely. Shady cybercriminals are lurking in your inbox, waiting for the moment your focus is on everything but cybersecurity and digital threats.
“Skilled magicians know that diverting the audience’s attention is paramount to their illusion. While everyone is focusing on the right hand, the left hand is in the process of making the “magic” happen.
“The modus operandi of cybercriminals is not much different.
“Because while your holiday brain is set on quality time with your loved ones, fun experiences and chilling out, it is also vulnerable to digital threats. The disadvantage of the boundaries between work and private life gradually blurring in recent years is that the brain is not always as quick to adjust its mindset as the fingers are to press the phone screen or the keyboard.
“On the contrary, in your attempt to be a conscientious colleague who checks in, and answers work emails during your vacation, you may end up doing the company and your business partners a great disservice.”
A digital target on the back
“There’s a reason why pickpockets often target tourists as obvious victims of their misdeeds. Where the locals have their guards up, the tourists’ attention often hovers around in a jumble of new sounds, holiday plans, unfamiliar surroundings and strange places and faces. And when the victim’s focus is on everywhere other than the back pocket, handbag or backpack, they strike.
“Similarly, cybercriminals work with the perfect timing to get you to lower your guard and make a mistake in an inattentive moment. Such a perfect time could very well be in a moment when your brain has assessed that you are safe and that everything is fine, like when you are sitting on the sofa relaxing, relaxing after a nice day on the slopes, or lying by the pool and getting a natural shot of vitamin D.
“Limited attention and a lack of risk thinking can have major consequences if, for example, you overlook small warning signs in a phishing email or accidentally send sensitive information to the wrong recipient.
“Of course, you can – if necessary and required by your workplace – check and reply to your work email when you are on holiday. But there are a number of precautions you should think about before logging in from the chaise long.”
Five precautions for the holiday
“What you learn about cybersecurity and online safety at work doesn’t stay at work. These valuable skills protect you everywhere, from your home computer to your smartphone. Cyber threats don’t clock out when you do, so carry your security knowledge with you. By doing this, you’re better equipped to spot and avoid scams, keeping yourself, your loved ones, and your organisation safer online, even when you are on holiday. Think of your security awareness training as a toolkit for navigating the digital world, no matter where you find yourself. Keep these five precautions in mind while on holiday:
1. Avoid falling into the “I just need to check” trap
It can quickly become a slippery slope to log in and check your work inbox during the holidays. Instead, you should set aside fixed times for this if it is necessary and a requirement that you keep an eye on the inbox. Make sure that you choose times when you can give your full attention to your emails and not have distractions around. Ideally, you would not have to check your inbox at all because jumping between holiday mode and work mode makes us more susceptible to phishing.
2. Use a VPN
If you need to log on to a public network (for example, at a hotel, reception, or airport), always use a VPN. This encrypts your connection and protects your data from hackers who can monitor network traffic.
3. Pay extra attention to phishing attempts
Remember your cybersecurity training and keep an eye out for suspicious links, attachments, and unknown senders. If you are in doubt whether it is really your colleague or business partner who is writing to you, you can send a new email and start a new thread where you write that you just want to be on the safe side before replying.
4. Use strong passwords and multi-factor authentication
Should the accident happen, and you accidentally share your login information, multi-factor authentication (MFA) will be able to prevent hackers from gaining access to your account. If you don’t already have multi-factor authentication for your accounts, it’s a good idea to get it as soon as possible. It’s more of a hassle to clean up after an accident than to spend time avoiding it.
5. Don’t store passwords in your browser
While it may seem like a convenient service for your browser to help you remember your passwords, it can potentially be disastrous. If your device is stolen or compromised, you’ve involuntarily given hackers a horseshoe and made their job easier. Instead, use a password manager to secure your information.”
For more cyber news, click here
