Digital Shark Attack - How to keep safe in the digital ocean

Thanks to Richard Rayner, an external cyber security expert, who has kindly written this article for us.

Recent estimates are that there are 150 beaches worldwide that have shark nets to protect swimmers. Whilst they may be controversial from a conservation perspective, the security they offer swimmers provides great comfort.

With the brightly coloured floats on the surface, it’s easy to see when you are swimming within the nets, and when you have left the protected zone wandering out in the open ocean and are vulnerable.

Unfortunately, in the digital world, it’s not quite as clear whether you’re swimming inside or outside the safety zone. In the office, you (hopefully!) have a firewall, which keeps all the bad internet traffic out and only lets the safe traffic in. But what happens when you’re out of the office, in a café, airport, or more commonly, at home? What keeps you safe then?

It can be easy to assume that everything is safe because we are still using the same device at work, so surely, we’re still protected. Not so.

Here are the types of digital sharks you can experience, out in the wild:

1. Legitimate, but unsecured networks

One of the most common risks when using devices outside the corporate network is connecting to unsecured Wi-Fi networks. Public Wi-Fi, often found in places like cafes and hotels rarely encrypts data, which makes it easy for cybercriminals to intercept sensitive information such as passwords, financial data, and corporate secrets. The risk even extends to potential identity theft, compromising your financial information, as well as the company’s.

2. Fake networks

Away from the corporate network, devices are more susceptible to phishing and social engineering attacks. Cybercriminals often create fake Wi-Fi networks in popular locations that mimic legitimate hotspots to

lure unsuspecting users. Once connected, users can be tricked into entering login credentials into phishing sites or inadvertently downloading malware. These attacks can be particularly effective in places where large numbers of people expect free Wi-Fi access as a norm.

Cybercriminals often create fake Wi-Fi networks in popular locations that mimic legitimate hotspots to lure unsuspecting users.

3. Loss of Physical Device Security

The physical security of devices also becomes a concern when away from the secure environment of an office. The likelihood of theft or loss of devices is significantly higher, which can lead to unauthorized access to confidential company data. Password-protected devices can be compromised if the thief has the right tools and enough motivation.

4. Lack of Regular Security Updates

Corporate networks often enforce regular updates to devices connected to them, ensuring they are protected against known vulnerabilities with the latest security patches. When devices are used outside these networks, there is a risk that they are not regularly updated. This makes them vulnerable to newer forms of cyber-attacks that exploit outdated software.

5. Cross-Contamination Through Personal Usage

Devices used both personally and professionally can lead to cross-contamination. Personal use often involves activities with higher risk levels, such as downloading software from untrusted sites or accessing personal emails that could contain malicious links. Once compromised, these devices can introduce malware to the corporate network the next time they connect, even remotely.

Keeping safe in the open ocean

We can’t spend our whole lives in the office, so how do we balance our need for security with our need for mobility? Here are some good tips for keeping you safe, and providing a digital shark cage, no matter where you’re swimming:

1. Implement a device-level firewall or security monitoring software.

Rather than have a firewall that protects your whole network, you can install a firewall that protects just your device. This means that the protection you need goes with you wherever you go, no matter what network you connect to, you’re still protected.

2. Use a Virtual Private Network (VPN)

Another approach, which works especially well when connecting to systems served from your physical premises is a VPN which extends a private network (i.e. your office) across a public network (i.e. the world). It’s a bit like creating a tunnel from your computer to the office, that only you are allowed to use.

3. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring not only a password and username but also something that only the user has on them, i.e., a piece of information only they should know or have immediately to hand - such as a physical token or a smartphone code. This helps protect sensitive data even if the device or password is compromised.

4. Maintain Physical Control Over Devices

Always keep devices within sight and secure them physically when not in use. Devices should be locked with strong passwords, and when possible, use biometric safeguards such as fingerprint recognition technology. Additionally, consider using tracking software to locate lost or stolen devices quickly, and implement technology that can lock, or wipe your machine if lost.

5. Regularly Update Software

Ensure that all software on devices, including operating systems and applications, are up-to-date. Most modern devices can be set to up to date automatically, which can protect against vulnerabilities that cybercriminals exploit in older software versions.

6. Educate Employees

Educating employees about the risks and proper security practices when using their devices outside the corporate network is essential. Regular training sessions can help instil good habits and help them feel confident in their use of mobile technology.