A knowledge of digital security is vital for living and working in the modern world. Unfortunately, even if you have learned ways to stay digitally secure, it can be easy to forget to apply them when out of the office. Whether commuting for business or leisure, staying digitally secure while on the move can be more complicated than it is at home or in the office!
With so many people having been working from home for a while due to the pandemic, many digital security measures have become a little rusty. If you are wondering how to keep your devices, software and confidential information safe while commuting back to the office, or working remotely in public spaces such as cafes or libraries, we have put together this handy guide to remind you.
How secure are public networks?
When commuting or working in a public space, you are much more likely to use publicly-accessible Wi-Fi networks, such as those offered on trains or in cafes.
Over half of respondents to a survey by Norton reported using a public network to access personal email or social media accounts, with most believing this to be secure and less than half knowing how to identify the security level of a network. However, according to a survey carried out by Kaspersky, almost 25% of public W-Fi hotspots use no form of encryption whatsoever.
Although you may expect older generations to be more at risk, it was in fact millennials who shared the most information over public Wi-Fi networks, with a staggering 95% having done so!According to Verizon, almost half of all data breaches are breaches of web applications—the kind commonly accessed by commuters using unsecured public Wi-Fi networks. As the number of companies incorporating remote working models has increased sharply since 2019—in response to both the pandemic and technological advancements—web application breaches have doubled in this short time.
Why do hackers target commuters?
It is well-known that people who travel around the world are often targeted by thieves or scammers. However, this does not apply only to people travelling overseas. Any daily commute or public space can leave you vulnerable to hackers; even the bus home from work or the cafe down your street!
There are a few reasons why commuters are often at greater risk of hacks and data breaches.
1. Your digital security may be more vulnerable outside of the office
Not only can it be easy to forget company security protocols when on the move, but it is also common for company smartphones and laptops to lack the powerful cybersecurity software installed on the office computers. You are also much less likely to be connected to your company’s internal network—which is usually more secure than those you may connect to out of the office—when out in public.
In addition to the potential lack of cybersecurity software, your devices can also be much more visible than at home or in the office—both digitally (e.g., on public WiFi networks) and physically (e.g., if you are using a laptop on a train or in a cafe).
2. You are likely to be less aware of your surroundings
Places like busy train stations or airports can be overwhelming, and thieves can take advantage of commuters, especially those in a rush! Less stressful spaces—like the cafe you visit every lunch break—can also carry risks if you let your guard down. You may be so comfortable with your armchair and latte that you forget to be vigilant.
3. Hackers / thieves are less noticeable in crowds
Hackers often target public places that draw crowds, especially in areas where commuters are likely to be carrying devices with sensitive company data stored on them. They may even target specific individuals by observing them over time and learning their daily commuting routines!
Whether physically stealing devices or hacking into them, theft can be much easier in public than it is to gain access to devices or data in a locked office or home. What’s more, thieves can disappear without a trace in busy public places before the target even knows a theft has occurred.
Digital travel security: risks and preventative measures
There are numerous specific digital security risks that commuters and travellers face. Here we have listed the main ones, and what steps you can take to address them.
1. Hardware theft
Theft of physical devices such as smartphones and laptops is a particular danger to look out for when in public. Be wary of pickpockets (storing your device in a closed bag or case can be better than keeping it in a loose pocket when it is not in use) and don’t leave your device unattended (that includes in your locked car!) or with someone you don’t know and trust.
2. Unauthorised access of unattended devices
Unattended devices such as phones or laptops are prime targets for hackers and thieves. Not only can a thief access the data stored on the device, they may also be able to use your device to hack any MFA measures you have set up to protect your company's systems.
To help prevent this avoid leaving devices unattended unless absolutely necessary—don’t trust the librarian, ticket inspector, or cafe owner to guard your belongings!
Always remember to lock your device before leaving it with someone you know and trust, and don’t have your password written down somewhere (physically or on a word processor or Notes app) easily accessible.
3. Shoulder surfing
“Shoulder surfing” is when people look at your device screen over your shoulder. Many of us find it rude when someone reads over our shoulder, but if you are interacting with potentially sensitive data or putting in a password then it can be more than just an annoyance.
If you need to use your device in public, you can stop people shoulder surfing by tilting the screen away from them, positioning yourself so that a wall or other barrier restricts others’ view, or using a screen filter.
4. Private conversations
It is not just shoulder surfers that you should be aware of. Spoken conversations can also be a potential security risk. Do not share or discuss private information over the phone when in public. You never know who could be eavesdropping!
5. Data interception
Publicly-accessible Wi-Fi may seem convenient, but it can often be insecure and vulnerable to hacking. When possible, avoid using public Wi-Fi. If you do need to use public Wi-Fi or hotspots, always access confidential information via your company’s virtual private network (VPN) so that any data transferred is encrypted. A VPN is recommended even for non-work-related tasks carried out online!
Another way that data can be intercepted is through a Rogue Access Point (often known as an Evil Twin). These access points often appear legitimate from the SSID—however, they are used by hackers to impersonate a legitimate network. A good way to mitigate against this is by verifying the network name with the hotspot provider and, as always, using a VPN to encrypt traffic.
6. Insecure third-party USB ports
USB charging ports, such as those in airports, can be used by hackers to access the information of any device using that port. Avoid using these when possible—make sure your devices are fully charged before you travel with them, and if you do need to charge your device then consider investing in a portable charging bank, or using a physical wall plug to charge through the mains instead.
7. Bluetooth and Wi-Fi sharing
Bluetooth and Wi-Fi sharing are also channels that can be targeted by hackers and thieves. Before travelling, always remember to disable Bluetooth and turn off Wi-Fi sharing on your device to protect against yourself being discoverable on any public-facing network.
If you need to share data with another device (e.g., a colleague’s laptop while you work together in public), a PAN—or Personal Area Network—may be a useful solution. PANs usually consist of only two devices, such as connecting two Laptops together via Bluetooth. While they can remove the need for using public networks, it is important to make sure that a PAN is itself secure and only accessible by those authorised.
8. HTTPS Encryption
If you do need to enter sensitive information into a site or app when in public, always make sure that the site or app encrypts information using HTTPS (the HTTP protocol with added encryption from TLS/SSL). If a site or app does not use this encryption, hackers could potentially access sensitive information in cleartext form using packet sniffing.
9. Social media
Careless use of social media can be taken advantage of by unscrupulous individuals. Don’t post your location on social media when working—not only can this give competitors clues into your business dealings, but it can also leave you open for a spearphishing attack (a personalised phishing attack directed solely at one person).
Posting your location on social media could also result in data leakage, especially if you're in the location for a confidential or private reason.
Why should you take preventative measures?
It is essential to take preventative measures to protect your data while on the move. Data breaches can result not only in invasions of privacy, but also in the theft of funds from bank accounts. In some cases, you may not even know your data has been compromised until much later in time.
Staying digitally secure while travelling is especially important if you are carrying out work-related tasks, either on your personal devices or using those belonging to the company you work for.
If a security breach occurs as a result of you neglecting company security protocols, you may be considered liable for the breach yourself. Data breaches can seriously negatively affect the reputation of the company you work for, and result in a loss of revenue. The last thing you want is to be held responsible for losing the company money!
In addition to the bad publicity and loss of business that can come from insufficient digital security, there can also be potentially severe legal ramifications. Not following data protection legislation such as GDPR can put companies at risk of legal action from clients or customers. Compliance with data protection policies and legislation is perhaps the Number One reason to take preventative measures to protect digital security.
If you do not follow all device software and data protection policies and procedures your company has put in place, you can get into a lot of trouble with your superiors and even potentially lose your job!
Any company should have a cybersecurity policy. If you are in doubt about the safety of any action using company devices while travelling, you should check with your superiors first. Your company may even have a Data Protection Officer who is qualified in all matters relating to digital security.
What should you do if sensitive information is breached while you’re travelling?
Unfortunately, data breaches can sometimes occur even if every preventative measure has been taken. In the event of a data breach for any reason while you are travelling, it is important to read your company’s policy on device, software and data protection and follow the necessary steps.
Inform your company’s IT team and your line manager immediately so that the appropriate steps can be taken. Your IT team may require additional information on what could be potentially leaked, so they can address this accordingly. Make a note of the time you noticed the information breach and what you believe may have been the reason for it.
You may be embarrassed or worried about the reaction, but attempting to cover up the breach can make things even worse and even potentially land you in legal trouble! Transparency is always the best way when it comes to addressing a breach and carrying out damage limitation.
If you notice anything suspicious about the way your device is functioning during or after using it in public, you should also notify your IT team—it’s better to be safe than sorry!