If I wanted to hack your e-commerce business, I’d have your help. It’s a fact that no one runs a business from one location (or one computer) anymore. In today’s world, work gets done everywhere — in offices, in homes, in hotels, at airports, and while sipping mocha and siphoning Internet connectivity at coffee shops.
Security risks increase when your business moves outside the safety net of your main workplace. Mobile executives carry sensitive data around with them and oftentimes open it up to vulnerabilities just for the sake of convenience.
It all seems perfectly innocent — connecting to wireless Internet in your hotel room, or synching up to free WiFi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a down trending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.
Protecting your mobile workforce is essential to protecting your business. It can be accomplished — or at least done more successfully — by following a few simple tips to help keep your business safe from hackers, no matter where you go.
Stay Off the Free, Open Wireless
More and more public places are providing free, or shared, wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.
When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc.) through this secure connection, so prying eyes can’t see what you’re doing.
As an alternative, carriers offer mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange — the ability to conduct business more securely outside the office.
Bonus Tip: Turn off your wireless connection at all times when not in use, so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to default network names (like Linksys) then anytime that network name reappears at another location, you will be automatically connected to the network opening you up for risks.
Let Hardware Do the Hard Part
We’re joined at the hip to our laptops, iPads and other mobile gadgets. These crafty handheld devices help us work more effectively, and their processing capabilities and compatibilities increase every day. There’s no turning back from the convenience they provide, and believe me, we wouldn’t want to, because the benefits in most cases far outweigh the risk.
Next time you’re packing for a trip, or just to work remotely for the day, think twice about your hardware requirements.
Use a “travel only” laptop: a stripped-down version of your regular workhorse but with limited history and minimal applications installed. Of course, passwords and all the “conveniences” of your regular machine won’t be readily available, but do you really need it all when you’re on the road? For some trips, perhaps — but always weigh the risks against the convenience.
Use Web access rather than physical software for email when possible. Obviously, this is more convenient if you subscribe to the “travel only” laptop model. Either way, take pause to consider all the confidential information that may be stored on your physical machine’s email software if it should fall into the wrong hands.
Clear the browser history every time you close Safari, FireFox, Chrome, etc. If anything, this will make it more difficult for cyberthieves to retrace your steps.
Don’t store documents, presentations, spreadsheets, PDFs, etc., locally. Always connect to your designated location on an approved network, and put your information there. The goal is to make your physical hardware as useless as possible. This way, if your laptop goes missing, none of the important information goes with it.
Don’t store or “remember” passwords, type them in every time unless you want to give unlimited free passes to cybercriminals.
Don’t leave home without “lojack-like” software that can wipe the contents of your mobile device. This provides an extra layer of protection in case your phone or laptop falls into the wrong hands.
Antivirus software can be installed on most laptops. There are several reputable virtual security companies that provide reliable services.
Pull the Fire Alarm
Two-factor authentication — aka 2FA or “the fire alarm” — provides an additional layer of protection and awareness for user systems. It’s incredibly simple, affordable and effective, so there’s no excuse to not have this service for your users 100 percent of the time, but it can easily be enabled for users on the road.
It works like this: When (stolen or legitimate) credentials are successfully entered into a login prompt, the “fire alarm” software places a phone call to the authorized user to 1) alert the authorized user that a designated system is being accessed and to 2) retrieve a secret pin and complete the authentication. With this service enabled, attempted security breaches can be identified quickly, snuffing out suspicious activity before a full-blown crisis ensues.
Watch Your Back, Jack
Your coffee cup is empty, so you grab your wallet and ask the nice person next to you to “watch” your laptop while you go refuel. For an experienced cybercriminal, it takes just second to grab some data off your computer, phone or tablet — and lesser skilled (however, not necessarily less malicious) hackers could just grab your goods and run. Thieves are everywhere, and they park themselves in places where people work for this very purpose.
The coffee shop isn’t the only crime scene. Airports, car rental shuttles, hotels, and the back seat of your car are equally susceptible to theft. Check your bags at every turn. Make sure you’ve got the correct luggage, and account for all your personal and professional belongings. Report any stolen items to the police and your IT staff at once.
Be Responsible. Your Business Depends on It.
Anytime you’re doing business on the road without security in place, you’re open for business, but for the wrong customers. You wouldn’t take your customers’ money and let it hang out of your pockets for anyone to grab would you? By leaving data access points open to hackers, you’re essentially doing just that.
Be conscious of how easy it is for hackers to take your company’s valuable information. Take the time to ensure that your company — and your customers’ data — is always protected and accountable, no matter where you are in the world.
Chris Drake is CEO and founder of FireHost which delivers enterprise-level secure Web-hosting solutions to SMBs.