A recent study by ELVTR, an online learning platform, has revealed concerning vulnerabilities among UK workers during their summer vacations. The study of 2,300 people, revealed that 64% of workers keep working during their vacations. According to the study, 1 in 4 workers reported being asked by their employers to check their emails while on vacation, perpetuating risky behavior.
These actions can have severe consequences for both employees and their employers, as emphasized by cybersecurity expert Nazar Tymoshyk, CEO of UnderDefense. Engaging in remote work through personal laptops and connecting to hotel Wi-Fi networks exposes workers and businesses to significant security risks, including data breaches, identity theft, financial losses, and reputational damage.
Tymoshyk highlights two major security risks: rogue access points and website spoofing. Rogue access points are fake Wi-Fi networks set up by attackers in public places like hotels, resembling legitimate ones. When users connect to these rogue networks, cybercriminals can intercept internet traffic, potentially gaining access to sensitive data. Website spoofing involves cybercriminals redirecting users to fake websites that closely resemble legitimate ones, leading to phishing attacks and compromised accounts.
The potential consequences are severe for both workers and employers. Workers risk exposing personal and corporate data, leading to identity theft and financial losses. For employers, the stakes include the theft of sensitive data, business disruptions, and reputational damage.
Tymoshyk emphasizes the importance of mitigating risks while working and traveling: “Using a reputable Virtual Private Network (VPN) to encrypt internet traffic, enabling Two-Factor Authentication (2FA), and keeping all software up to date are crucial steps in protecting sensitive data and minimizing potential cybersecurity threats.”
In case someone suspects they have used insecure Wi-Fi networks during their trip, Tymoshyk advises the following immediate actions: “Changing passwords for all important accounts, monitoring financial statements for suspicious transactions, performing a thorough scan of personal devices with reputable antivirus and antimalware software, enabling account notifications for unusual activities, and consulting with cybersecurity professionals or IT department for further guidance are vital to swiftly respond to potential breaches and safeguard against cyberattacks.”