We in the security field are very much aware of the risks posed by connecting to the Internet when not at home or at work. When designing a secure network, it is common for security people to describe the Internet as “the Wild West” and in many ways this is a very apt analogy.
Security practitioners argue all the time about the usefulness of end-user awareness training. While I argue in this blog that we need to try to design security to be as transparent as possible (so that people don’t have to think about it), that can only be taken so far. We need our users to help us help them be secure. If they don’t know something could possibly be a risk and we can’t build in automated protections, they can’t make good choices.
If you’re not in the field you probably haven’t heard of rogue WiFi points, man-in-the-middle or “evil twin” attacks via public WiFi (some even perpetrated by the service providers themselves), compromised hotel routers, evil irons (seriously – hotel irons that ship with malicious WiFi hot spots for hotel guests to connect to, giving the bad guys man-in-the-middle access to any connected device), rogue femtocells (like WiFi hotspots, but providing a 3G or LTE signal for phones to connect to), malicious USB charging stations (“juice-jacking”), malicious e-cigarettes (preinstalled with malware designed to infect your computer when you charge them via USB – a possibly apocryphal story that is a valid cautionary tale nonetheless), or the fact that pretty much all legal and constitutional protections against search and seizure are suspended at customs checkpoints – this is just as true at the U.S. border for U.S. citizens as it is at customs for any other country.
For the road warriors in your enterprise, or even for people who only periodically travel on behalf of the company, we can provide services to help keep them and the company’s data safe.
- Loaner laptops can be available for people who travel internationally. These can run a standardized, security-hardened operating system on an encrypted hard drive. Ensure that the device requires a VPN connection back to the home network before allowing any application to connect online. Users can load just the files they need for the trip. Such systems can help protect company data, and reduce the impact of malware contracted overseas, theft of the device, invasive searches by customs officials, and a host of other problems. Even better, the device can be wiped and re-imaged when it gets back, so if it does get infected during its travels, it cannot infect other systems.
- Loaner MiFi mobile hot spots allow people who are traveling to connect to a device that has been set up and configured by the company, not a hotel or restaurant. (When negotiated at the corporate level, such devices can be very cost effective.) In cases where the company provides the phone, users can be allowed to turn on phone tethering when needed.
- Distribute inexpensive devices to block juice-jacking. This will raise awareness of the issue and give people a means to protect themselves.
If you include a well-designed flyer (to appeal to the old-school among us) and a “welcome” email (for the rest of us) with each of the above, explaining not only how to use the tool but also what it helps protect against, you raise general awareness of the related security issues. People take that knowledge with them wherever they go, and it can help inform their personal choices as well as professional ones. Simple, easily accessed tools, combined with an understanding of why they are needed, help provide our people with more convenient security.
This article is published as part of the IDG Contributor Network.