It’s easy to relax and let your guard down while you are traveling. However, the financial industry is always a primary target for cyber criminals. So, whether you are traveling for work, pleasure or both, it’s critical to maintain cyber awareness while you are on the road. Just as we help our clients by making them aware of specific cyber risks, we’d like to raise your cyber awareness by presenting a few thinking points for you to consider while attending SALT 2017.
TIP #1 – BE AWARE OF YOUR SURROUNDINGS
THREAT: As you know, SALT 2017 will be held May 16-19 at the Bellagio Hotel in Las Vegas. What you may not know is that directly across the street from the Bellagio, there is a Tech/Security Conference going on at the same time. This conference will feature workshop titles including: “Anatomy of a Hack,” “Security Awareness Isn’t Enough,” “The Simplicity Of Being Malicious,” “We Told You. You Didn’t Listen. Now What?,” “Live Account Takeover Hack,” and “Rise of Cyber Hunting.” It is common for attendees of security conferences to practice newly learned techniques on nearby victims (especially with SALT’s caliber of attendees), so you need to be on high alert for potential attacks. Yes, this means the possibility of personal cyber attacks that can affect you and ultimately your entire company.
DEFENSE: Although most of these would-be hackers won’t be malicious, they will want to gain some real-world experience. You should be aware of this and speak with your company’s cybersecurity expert, not IT, to discuss your attack vectors and how to mitigate them.
TIP #2 – CONNECTING SAFELY TO PUBLIC WIFI
THREAT: Public WiFi is a wonderful playground for hackers. It is too easy for most entry-level hackers to set up a rogue access point (AP) in the middle of a hotel conference or even poolside. A rogue access point allows the hacker to capture all your sensitive traffic while making you think you’re connected to a safe hotel WiFi, in what’s called an “Evil-Twin” attack. If you are infiltrated by an Evil-Twin attack, not only can your devices be accessed, but it can lead to later attacks, including access to your company’s network.
DEFENSE: It is highly recommended to use a VPN (personal or company) any time you are connected to a public WiFi. If you don’t currently have access to a VPN, take extra care to confirm that you are connected to the correct network, and ask for help from the hotel or other venue as necessary. It is also advisable to turn the WiFi Auto-Connect feature off on all your devices, especially when traveling.
TIP #3 – NETWORK SAFETY
THREAT: Well-attended conferences with high-level executives, like SALT, are important networking events to meet new business contacts. However, they are also prime targets for cyber criminals to seek prey. Cyber criminals often use networking events to seek information from unsuspecting targets to construct more detailed and believable future social engineering attacks.
DEFENSE: Network freely, but use common sense. Be careful not to share too much information with new “friends,” especially late at night in bars, night clubs and casinos, and don’t be afraid to use Google or LinkedIn for recon or to connect with new contacts.
TIP #4 – IS MY MOBILE DEVICE SAFE FROM HACKERS?
THREAT: Regardless of whether you are watching Ben Bernanke at the conference or attending one of the many after-hours networking opportunities, be cautious when unlocking your phone. Most hackers can identify your phone PIN (unlock code), which is often the same as, or similar to, your bank PIN and/or other system passwords. Once hackers have your PIN, it’s often easy to steal your phone or laptop, which, to be honest, isn’t too difficult on an auditorium stage (as Apollo Robbins shows in his TED Talk “The Art of Misdirection”), let alone in a crowded hotel, casino or other busy public place. With your device and password gone, your crafty cyber-criminal could have access to your personal data, client account information and/or company trade secrets.
DEFENSE: The last thing you probably want to do is spring for a hacker’s extravagant Vegas trip. If not, you should make sure you have a Mobile Device Management (MDM) system in place so you can lock and/or wipe any lost device. You should make sure all of your devices are properly secured at all times. Too many professionals have lost phones on a charging station or gaming table or a laptop at coat check.