Whether users connect to the internet from your corporate office or a quaint café in Paris, Cybersecurity threats are constant. And sadly, traveling puts devices at even greater risk. This raises an important issue for businesses to address: ensuring secure access when users travel.
We’ll break down the fundamentals of secure remote access and share tips for before, after, and during the trip. At worst, your users should come back with a sunburn — not catastrophic malware that spreads across your fleet.
What is secure remote access?
Secure remote access (SRA) refers to a collection of security measures that gives users network, data, application, and system access away from the office. Basically, it allows users to work safely outside the traditional confines of their cubicles.
Make no mistake: Secure remote access is important for any remote work, including work-from-home and hybrid arrangements. However, it becomes much more critical when a user travels since they have less control over their environments. Threat actors lie in wait to take advantage of distracted travelers. If any carefree vacation vibes creep into a user’s business travel, they may also put their standard cybersecurity precautions on the back burner, creating an irresistible window of opportunity for cybercriminals.
Your predeparture preparation should begin long before your user plans on traveling for business. Luckily, simply following best practices sets you up for success. If you’re on top of your cybersecurity program, you won’t need to do much to prepare users for business travel. But if you fall behind on your standard procedures, you may be in for a rough road ahead.
Implement strong security measures
Hopefully, you already have robust prevention, detection, and response capabilities. But if you don’t, now is the time to act. Your security posture will thank you. From a secure remote access perspective, the following measures come in handy:
Virtual private networks (VPNs) are the first topic to come up in virtually every discussion on secure remote access. And for good reason! These encrypted tunnels let your users connect to public Wi-Fi networks without leaving their data and IP addresses out in the open for the whole world to see.
Snagging someone’s password while they’re traveling isn’t that hard. When someone is working from a public place, bad actors don’t even need to go to the effort of installing a keylogger — they can just look over the user’s shoulder. Multifactor authentication requires one or more additional forms of authentication that aren’t quite as easy to crack.
Let’s make one thing clear: We love patch management. That’s probably pretty obvious at this point. But we have our reasons: Effective patch management helps address exploitable vulnerabilities before cybercriminals find them. Patches are an easy fix that can prevent a world of hurt.
When a user travels for business, it’s a perfect cue to shore up your defenses (if you haven’t already). Advanced antivirus and antimalware software are obvious must-haves. To take things to the next level, consider adding an endpoint detection and response (EDR) or extended detection and response (XDR) solution for enhanced detection, investigation, and response capabilities.
Single sign-on (SSO) allows users to sign on to multiple platforms with the same credentials. Since users log in only once per day, there’s significantly less risk of prying eyes watching their keyboards. SSO also makes it that much easier to use a strong password, which brings us to our next point.
A strong password is often the main hurdle between a cybercriminal and your valuable data. Your password policy should spell out requirements for length, complexity, and resets. A password manager can simplify enforcing your policy by generating secure passwords, eliminating the need to remember multiple passwords, and protecting against phishing.
Privileged access management
Privileged access management (PAM) limits and monitors access to critical resources, thereby limiting the risk of unauthorized access.
If you’re risk averse, it’s best to err on the side of caution — and that means encrypting data. When users travel for business, this security measure becomes infinitely more important.
If you encrypt data in transit, your information should be safe even if a malicious actor intercepts it when your user connects to a public network. You may also want to encrypt stored data. If the mobile device is stolen, that extra layer of protection could stop bad actors from getting their grubby little hands all over your sensitive data.
Give employees tools and training
Once the user is traveling, much of the burden of protecting against threats falls on their shoulders. Prepare them to be a lean, mean, threat-fighting machine with relevant policies, training, and tools.
Information technology policies
Your IT policy or corporate travel safety policy should include a section on remote access. While some users invariably rebel against guidelines, others at least try to comply. If nothing else, writing down your policies on paper clarifies your objectives (and the potential consequences of failing to meet them).
Cybersecurity training reminds users of how to protect your business from data security threats. Not only that, regular trainings help keep them up to date on the latest tactics to watch for.
Make sure all users have access to your virtual private network and know how to use it. While they should already be familiar with your VPN software, the occasional gentle nudge (or aggressive shove) to actually use it doesn’t hurt.
Assess the threat
Before your employees go gallivanting, assess associated threat exposure. Consider two main components: the location and the employee.
Location considerations revolve around how dangerous the destination is. Is there a lot of theft in the area? Is it a hotbed for hackers who might set up hotspot honeypots? With international travel, will the employee cross any borders where guards might insist on looking at their devices?
The employee’s role might also make a difference in the level of exposure should a threat actor gain unauthorized access. Consider what data and resources the employee has access to, and assess how a data breach could affect your business.
Don’t let your trust in your employees come back to bite you. Consider implementing restrictions before they travel to limit your risk. For instance, you might restrict device access so that the employee can get to only the company resources that they absolutely need during the trip. No one needs to look at all your information while traveling. You can also disable the user’s USB ports so that they don’t plug in a rogue USB device and unknowingly infect the computer.
Back up the device
You’re probably used to backing up devices on a regular cadence. We salute your diligence. But if an electronic device with business-critical data is about to hit the road, it wouldn’t hurt to back it up again. If the device is stolen, infected with ransomware, or otherwise compromised, maintaining a recent backup can help you continue business operations with less interruption.
Tamper protect the device
Picture this: Your user schedules a much-needed fun day during their business trip. They leave their laptop at the hotel. It’s logged out, so they’re confident data isn’t accessible. When they get back from their big day out, they’re happy to see that the computer is still there. That means everything is perfect, right? Nope.
During the day, a nefarious hotel employee came into the room and replaced the existing CPU with a malicious CPU. Now, that evil maid has unauthorized access to the system without you even knowing.
Let’s be real: This is a fairly unlikely scenario. But the fix is so easy that you might as well give it a go. You know the screws on the bottom of the laptop that you’d remove to access the internal hardware? Put a sticker over those bad boys. Then, paint around the edges of a sticker with some glittery nail polish. Take a high-res photo as a reference. Now, if someone tampers with the internal hardware, you can tell at a glance.
Establish a main point of communication
Spreading communication across multiple channels gives threat actors more options for tricking you or your users. Cybercriminals could impersonate the employee to contact the company, or they could claim to be you and message the employee. Either way, if the attacker successfully deceives one of you, you might hand over information.
On the other hand, if you establish just one line of communication to use during business travel, you and the employee can easily ignore any fraudulent messages that pop up on other channels.
You do your best. You try to raise users right. But the day will come when they leave the nest, and you have no choice but to hope they fly in the beautiful breezes of cybersafety. But just to make sure they’re ready, remind them of business travel best practices. You can write these points on a note and pin it to their shirts if necessary:
Follow company policies
Be aware of your surroundings (border crossings, in-person interactions, etc.)
Remember that people may be looking over your shoulder or listening to your conversations
Keep your device with you whenever possible
Before you host a return party for the precious device that’s now back in your midst, do some follow-up to ensure everything is on the up-and-up.
Run forensics: Whip out your best cybersecurity tests and other forensic tools. Before the device connects to your corporate network again, confirm that it wasn’t compromised.
Change passwords: Passwords could have been inadvertently compromised during the user’s trip. You could save potential heartache down the road by resetting them just in case.
Debrief the user: Discuss the trip with the user to see what went well, what struggles they faced, and whether anything suspicious happened.
Adjust policies based on your findings: Your policies are a work in progress. Continue to refine them every time you get new information from your users’ business travels.
Business travel can help you build relationships and grow your company. Unfortunately, it can also expose you to a boatload of risks. Ensuring secure remote access is essential to protecting your company while employees are away from headquarters.
Even if your globe-trotting employees never step foot in the office again, PDQ Connect can help you update their machines. This agent-based solution operates over the cloud so that you can oversee any managed device connected to Wi-Fi. Sign up for a free trial to see what it’s all about.