Phishing in the sun – ensuring cyber safety whilst on holiday

The summer holiday season is upon us, and while the weather in the UK is defying expectations by being reasonably tropical, most of us still want to escape to the greener pastures of the continent, and beyond.

However, alongside a towel, sunglasses and sun cream, it looks like our corporate laptops and smartphones will also be going into our suitcase, seeing as almost half of UK employees already use corporate devices at home (according to our 2017 State Of The Phish Report).

The end of EU roaming charges last month, in June 2017, also means that more of us will be logging into social media sites, and probably checking emails, than ever before. When travelling throughout the EU, mobile phone users will now pay the same price as they would in their home country, with no extra charges. Of course, this is brilliant news, but it will definitely encourage risky cyber-behaviour that wouldn’t necessarily take place in everyday life.

Wombat Security’s recent 2017 User Risk Report identified some worrying trends that would potentially be exacerbated whilst we’re on holiday. For example, 65% of UK employees check and reply to emails on a corporate device whilst out of the office, and 36% use this same device to view and post to social media.

More worrying still, nearly 20% allow friends or family to view and post to social media sites from their corporate phones. Why is this an issue? Well, the report also found that around a third of workers, on average, don’t know what phishing is, and 58% of UK employees don’t know what ransomware is.

This troubling lack of cyber-security knowledge will only be compounded in a holiday situation if, for example, an employee is chilling on the beach scrolling through emails after a few Pina Coladas, or if they’ve handed their corporate device to their 12-year-old so that they can browse Facebook.

A corporate device is an extension of the network as a whole, and as long as users are using these devices via the web, for whatever reason, they are at risk of clicking on dangerous links, giving away sensitive data or logging in to WiFi that isn’t necessarily legitimate (which can be harder to spot if it’s in a different language).

Some top tips for staying safe whilst on holiday are as follows:

Think before you click or share

The ease with which we share our info, travels, and thoughts (and meals) has led us to share more data about ourselves, our families, and our jobs. Because social media platforms are free and readily available, the sense of “we’re all in this together” has bred a false sense of security among social networkers.

Cyber criminals are taking advantage by mining for information, creating imposter accounts to connect with unsuspecting users, and sending out phishing messages and malicious links. So, just make sure you’re aware of what you’re sharing (steer clear of publicly sharing common password question answers such as your mother’s maiden name, for example) and clicking.

Restrict your activities

When browsing the web using your data, or if you’re using an open WiFi, it’s important to limit your online activities. If you sign into email and social media accounts or make a purchase on compromised networks, attackers could easily log that information and use it for their own gain. It’s always best to refrain from logging into insecure sites or doing anything financial in nature (like making purchases or checking account balances).

If you absolutely cannot wait until you’re on a secure network to complete one of these riskier actions, the best thing to do is switch over to your mobile data. If you can’t do that, it’s critical to ensure that https, rather than http, is present in the web addresses you use. Many organisations now default to https because it helps secure the communications between you and the sites you visit.

In general, https is a valuable addition to any online session that requires you to enter private information, not just those over WiFi. It’s important, however, that you do not confuse secure communications with safe sites: https encrypts the connection between you and the site, but a phishing site can use https too.

The more connected people become, the more important it is that organisations ensure end users clearly understand how to protect corporate and personal data. Many enterprises will invest in expensive security infrastructure, only to be breached by an employee sharing information freely on social media or clicking a phishing email when they are less switched on whilst on holiday.

Social engineering threats are only successful if users fall into the trap, so organisations must prioritise end-user risk management. The best way to do that is to deliver ongoing, in-depth security awareness and training: assessing knowledge levels, educating on key topics, reinforcing the message, and evaluating how much users have learned. So, the moral of the story here is, education is key.


Sourced by André Mouradian – Senior Manager, EMEA at Wombat Security


Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...