Posted in Industry Trends

5 Ways Traveling Employees Can Cause Insider Threats

Reading Time: 4 minutes

With the 2019 RSA Conference on the horizon, many of our readers may be traveling for work. But, few people may realize that the insider threat risks increase dramatically for road warriors. Some of the most common travel habits could be putting work-related account credentials and sensitive data at risk.

Here are five ways that traveling employees can open up their organizations to unnecessary cybersecurity risks (whether their intentions are malicious or not).

1. Tapping into Open or Unsecured WiFi Connections

We recently conducted a survey of 1,000 employees who traveled with corporate devices in the past year, and found that 77% of respondents connected to open WiFi connections while traveling. What’s more, 63% of people admitted to accessing work emails and files with these open connections. While the swan song of free, public airport WiFi may seem tempting, these unsecured connections could be opening the organization up to potential data exfiltration via compromised employee devices and accounts.

The best defense against this type of user activity is cybersecurity awareness. Instead of using open connections, employees who frequently travel should only connect to the internet in secure ways, including password-protected hotspot devices or encrypted networks. In addition, if they’re accessing sensitive files or areas of the server remotely, they should be using a VPN (…but more on that later).

2. Using Unauthorized USB Drives or Removable Media

Removable media, including USB drives, can cause major cybersecurity headaches for organizations. A common conference giveaway, USB drives can often secretly carry malware that infects a user’s machine and opens it up to hackers. Even without the presence of malware, USB drives can pose a risk, since they’re easily misplaced or mishandled. While most USB usage is innocent enough, if these devices are in the hands of malicious insiders, they can become a common vector for data exfiltration and theft.

While restricting the use of USBs and removable media probably isn’t practical, creating the right level of USB security policy could protect your organization against unnecessary risks. For highly regulated industries, blocking USB ports altogether may be the best line of defense. As a supplement to a strong policy, an insider threat management platform like ObserveIT 7.7 can prevent data leakage via removable media with user and data activity monitoring, which also aids in the investigation process.

3. Carelessness with Devices

While this tidbit may sound like a no-brainer, lost or unattended devices are still a top cause of data loss. Nearly a quarter of our survey respondents admitted to leaving their work devices unattended in a public place, which increases risk of potential theft of illegitimate access. Needless to say, this type of user activity is unnecessary and can be easily avoided!

Another potentially careless action is accessing work-related files or emails on an unsanctioned, personal device (which more than half of people surveyed admitted to doing). Personal devices are generally less secure than ones deployed by a company, since there aren’t dedicated staff monitoring system upgrades and security scans. This level of risk isn’t smart for individual employees to assume, so it’s crucial to stress the use of corporate devices for traveling employees.

4. Accessing Corporate Systems Without a VPN

Surprisingly, only 17% of survey respondents consistently used a VPN while traveling. With the rise of cloud-based file sharing and collaboration software, as well as SaaS applications, the need for VPNs may have seemingly diminished for traveling employees.  

However, a properly configured VPN connection should still be the gold standard for road warriors. Secure VPN connections encrypt data in transit, and enable the cybersecurity team to properly monitor the frequency and types of connections to corporate servers. For example, if malicious insiders are attempting to access unauthorized files or areas of the server, an insider threat management platform like ObserveIT would detect that risky user activity and prevent any data exfiltration from occurring.

5. Neglecting Cybersecurity Policies for Remote or Traveling Workers

Unfortunately, most employees completely lack cybersecurity awareness training or knowledge of corporate policy. Almost half of our survey respondents said that they’re either unaware of any organization-wide cybersecurity travel guidelines, or that their company doesn’t have any of these policies in place.

It’s important for the security team to establish these guidelines and regularly reinforce them, so that every traveling employee knows the proper code of conduct. Avoiding common risks like unsecured connections and unauthorized devices are two good places to start. If your organization has travel guidelines in place, ensure that employees are aware of the rules of the road (preferably before the next business trip!) These measures are intended to protect employees and the organization from unnecessary risk, not impede people from doing their jobs. A regular feedback loop with employees can help the security team discover what’s working (and not working) for remote work.

Stay Safe Out There, RSAC 2019 Travelers!

If your team is filled with road warriors, we want to see you at RSAC 2019! We’ll be at Booth #259 in the South Hall, talking about how to defend against all types of insider threats (particularly those that have been around for decades … we’re looking at you, USB drives). We’ll be dropping some knowledge on a modern approach to data loss prevention in our retro-themed booth (find us under the suspended Delorean). And come play some O.G. Nintendo games while you’re at it. Hope to see you there!