What makes holidays so interesting for hackers?
It is the holiday period again. This is a period in which you, your colleagues and your business relations enjoy their well-deserved holiday. A lovely thought. Not only for you, but also for cybercriminals. Both the home and the office are unguarded for a moment, and the country is overflowing with tourists for who security does not top their priority list during this period. A golden opportunity for hackers and malicious parties.
As a hacker, you prefer to perform an attack when its chance of success is greatest. The holiday season is perfect for this. During this period, there are fewer people in the office, so the chances of someone noticing you and responding to it are simply smaller. But how does a hacker know which employees are out of office, for how long and how to abuse this? Unintentionally, we often help them with this. Think, for example, of Out-of-Office emails. “Dear, I am absent until … . For urgent matters about project … you can contact my colleague … by e-mail … or phone …”. It may seem harmless, but you tell the hacker exactly until when you will be absent, what project you are working on, who your colleague is and how they can reach out to him or her. Hackers write a nice email to your colleague and with a bit of luck he or she helps the hacker one step further.
In this article, we will provide you with a number of important tips to ensure that you and your organization are optimally protected during this holiday period and that you will not unintentionally open the door to malicious parties.
Leave your organization safely behind
To start with, we have two important tips for leaving the organization safe during the absence of you and your colleagues. Many employees are leaving and are therefore difficult to reach. This also applies to the IT staff and security specialists within the organization. If something suspicious happens within the organization or you see someone trying to break in, you normally knock on their door right away, but what to do if they are not there? What is plan B? And that is also our first tip; make sure you have a plan B. Make a clear plan that the employees can follow in the event of a crisis situation. What should they do? What steps do they have to take? And who can they consult if the experts within the organization are not available? Forewarned is forearmed.
Our second tip is about the previously mentioned Out-of-Office emails. It is important to make employees aware of what information they should and should not include in these emails. When you go on a holiday, you also do not put a note on the front door that reads:"I am not at home until ... so I cannot open the door for you. If you still want to go in, our spare key is under the doormat". It is also important not to put this note on your digital front door. Otherwise, you would make it very easy for malicious people. So what should you do? Especially for external Out-of-Office emails, it is important to think carefully about the information you give to recipients. It may be useful for your colleagues to know who they can contact during your absence and how, but for external contacts, in many cases an"info@ ... .nl " email address is sufficient. Internally, it will be made sure that the email reaches the right person. In addition, make sure that the relevant people outside the organization are aware of the ongoing projects so that you do not have to mention this in your Out-of-Office emails. The less information you provide, the less likely it is it can be misused.
Enjoy your holiday safely
Now that you have left the organization safe, you can finally enjoy your well-deserved holiday. But also before you leave and at the holiday destination itself, it is important to pay attention and to be aware of the possible dangers and risks. We have listed five tips for you to ensure that you are well-prepared for your holiday.
Firstly, it is important to think twice before connecting to public Wi-Fi networks. Especially when on holiday, there is a great temptation to connect to all kinds of WiFi, but not every public WiFi is safe. So do not just log in to your bank's mobile application here, because you never know who is watching you. Also check in advance whether you can safely use 4G or 5G at your holiday destination. And if you still want to use public WiFi, preferably use a VPN.
Secondly, it is good to check before you leave work whether you are allowed to take your business mobile phone and laptop with you on your holiday. In many cases, they contain confidential information and it is important to handle them with care. If you take these devices with you on your holiday, it is therefore important not to leave them anywhere. Keep them in a safe when you go out or spend a day sunbathing at the beach or by the pool. It is also important to think carefully about this when you go camping. Make sure that not anyone can just unzip your tent and take your laptop and mobile phone with them.
But what if your laptop or mobile phone is stolen despite all the measures taken? It is important to prepare yourself for this. After all, it can happen to anyone. A good preparation is essential. Make sure you have made backups of all your devices. Is your mobile phone or laptop stolen? Or did you accidentally drop them in the pool? Then you will not lose the information and the documents that were on them.
Our fourth tip concerns your passport. When you go on a holiday, it is important to handle your passport safely. For example, do not just hand it over to anyone who asks for it, because not everyone has good intentions. Make one or more copies of your passport that you can hand over during your holiday, and keep your original passport in a safe. In addition, the same advice applies here as with the Out-of-Office emails; do not give people more information than necessary. For example, it is important to make your citizen service number illegible on the copies of your passport. It is also wise to place a watermark over your passport stating that it concerns a copy. This reduces the chance that malicious parties will abuse it.
Our fifth and final tip is about using social media before and during your holiday. You probably want to share with your friends and family how beautiful your view is, how delicious the food looks and how nice the pool is, but be careful with the holiday snaps you share with the world via social media. Everyone can see this, even the people who are only too happy to abuse this. “If he or she is in that sunny holiday resort, then his or her house is empty”. But it can also be abused in other ways. Think, for example, of the many spoofing attempts via WhatsApp that you see nowadays. “Hi Dad, my phone and bank card have been stolen in Country X and I still have to pay a bill in HOTEL Y. Can you transfer some money to the account number … of my friend Anna de Jong? Greetings Emma" .You can easily obtain this information via social media. But the information is correct, so it should be all right, your father thinks. So be careful what you share on social media. Malicious people are getting smarter and they seem more reliable. You may recognize spoofing immediately, but do your parents or grandparents recognize this too? Before you leave, discuss how to contact each other if something is wrong.
Finally, we would like to wish you a happy holiday. Enjoy the sun, the beautiful nature and the versatile culture. But stay alert and make the right preparations. Just because you are on a holiday does not mean hackers take some time off too.