How does your vacation affect your security?

Vacation is a time for visiting friends and family, going abroad, eating ice-cream, gardening – whatever helps you regroup and recharge. Computer security is probably the last thing on your mind, even if you’ve taken your laptop home with you to keep tabs on what’s going on at the office.

But as my colleague Christian pointed out in this article last year, summer often brings some serious security issues. And I’ve got recent further proof of this: just a few weeks ago I was attending our annual security conference at a very classy hotel in Cyprus. Everything seemed perfect – until we connected to the hotel Wi-Fi.

If you’ve ever taken your laptop with you on business or vacation, you’ll know the drill. When you want to connect to the Internet via a hotel network, you get redirected to a site controlled by the hotel’s router. You need to either enter a code provided by the hotel, or your credit card details – all on a site which may or may not be secure.

In Cyprus, we found out that the page you get redirected to when you try and access the Internet was infected with Gumblar. The hotel was lucky to have 30+ security experts staying there – but if we hadn’t been holding our conference there, the site could have stayed infected for quite a while!

Logging on via insecure connections isn’t the only seasonal security issue. People’s computer and online habits change when they’re on holiday – they tend to use their computers less, and in short bursts, just to get the information they need. For instance, you’ll often see people logging on for ten minutes to quickly check email, download maps or details about the places they’re planning to visit, etc.

If you’re quickly checking for some information that you need via GPRS or a slow Wi-Fi connection, you’re probably not going to bother updating your antivirus or installing security patches. You might rationalize your decision (if you even think about it) by telling yourself that you don’t go to dodgy sites which are likely to be hosting malware. But our experience in Cyprus really highlights the fact that malware is everywhere.

Ignoring security patches and antivirus updates while you’re on vacation means that if you log on, you are putting yourself at risk. And when you get back to work after two, three, or even four weeks off, if you haven’t been using your computer, the very first thing you should do is make sure that it’s fully patched, and security software up to date. Of course you want to get to all the funny YouTube links etc. that your colleagues sent while you were away – but update before you start checking your mail or clicking through links and attachments.

Insecure networks, infected sites, and vulnerable software and systems are all technical aspects of IT security. But apart from all the technical stuff, lots of people are giving out far too much information on Facebook, Twitter, and even in their Out Of Office replies. Posting that you’re off to some exotic resort for two weeks is almost an open invitation to burglars and other criminals to come and rifle your property while you’re gone…

Simple tips on how to have a more secure vacation

Before you go

  • Don’t write on your social network that you’re going on holiday!
  • Make sure you’ve got all the latest security patches installed, including patches for third party applications such as PDF readers, browsers, chat programs, etc.

While you’re away

  • Make sure that your antivirus is up to date. You never know what might be lurking on the network!
  • Use common sense – don’t enter credit card details or passwords unless it’s essential, and only if you’re confident the network is secure
  • If you’re paranoid, disable programs that autostart such as Skype or MSN – you wouldn’t want someone to steal your passwords over an insecure network.

When you get back

  • Make sure you scan and patch your work computer before you start reading emails and working.

  • How does your vacation affect your security?

    Your email address will not be published. Required fields are marked *



    APT trends report Q1 2024

    The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

    Subscribe to our weekly e-mails

    The hottest research right in your inbox