26 June 2016: On 10 June, thousands of companies across Europe and the rest of the world are likely to discover they have more remote workers than they did the day before, as the Euro 2016 football tournament gets underway. Fans trying to keep on top of work using mobile devices while surrounded by crowds of strangers, insecure public Wi-Fi networks and the distraction of a match will be immensely vulnerable to cyberthreats. Fortunately, there are a few simple steps that they and their employers can take to stay safe.
The Euro 2016 football tournament, hosted by France, brings together 24 teams for 51 matches. Millions of fans will be watching the games in stadiums, bars and at public screenings. Employers have been urged to let staff work more flexibly or from home so they can watch key national games, but some employees may take matters into their own hands, working from mobile devices while watching a game with fellow supporters. The IT security risks of such behaviour are immense. Neither employers nor employees may be fully aware of or prepared for just how vulnerable they are about to become.
To help everyone keep important business data safe, regardless of where they are, Kaspersky Lab has drawn up a short essential guide:
10 things remote-working fans can learn from the players on the pitch
1. Take responsibility for your own performance
A recent Kaspersky Lab study into ransomware found that less than 4% of adults in the US would mind if work documents on their device were lost through cybercrime, while 77% would panic if they lost financial info. Indifference doesn’t lead to secure behaviour. If you are planning to work on the move, you need to feel responsible for the safety of the business information you handle.
2. Everyone is watching you
Logging into a device where anyone can look over your shoulder and make a note of your password or the work you’re doing – so-called ‘visual hacking’ – makes it easy for others to break into your device or steal information. Keep your data to yourself.
3. Keep your eye on the ball
Phishing and ransomware emails look increasingly convincing and can even appear to come from a colleague. If the message is unexpected, contact the sender directly, and never click on an attachment or a link in an email from someone you don’t know.
4. Don’t reveal your game plan
Don’t transmit anything unless you know it’s encrypted. With WhatsApp and Apple’s iMessage service now encrypting communications end-to-end as standard, email is rapidly becoming the most vulnerable form of business communications. Use the most secure channel you have access to.
5. Beware Man-in-the-Middle attacks
Using a free, public Wi-Fi network to stay in touch with work is extremely high-risk. An attacker can easily insert themselves into the network and spy on or intercept all your communications. They can do the same between an email and your business server. End-to-end encryption prevents this – so if you don’t have it, don’t email till you’re somewhere secure or use a VPN (virtual private network).
6. Prepare for the worst
Employers unprepared for the sudden increase in remote working may not have the most appropriate security installed on work devices, let alone employees’ personal devices. If it’s too late to get this installed, then at the very least don’t leave home without the most up-to-date version of device software installed. Mobile devices are not immune to cyberattack: in 2015, Kaspersky Lab prevented nearly three million attempts to infect mobile devices with a Trojan.
7. The referee can make mistakes
Websites, network service providers, operating systems etc. do their best to provide protection or alerts: such as the new malware and phishing website warnings introduced by Bing[v]. However, the baddies are increasingly cunning and if there’s a point of weakness, they’ll find it. Confine your remote work to things that are not business critical or sensitive.
8. But don’t blame the referee for all mistakes
Sometimes things go wrong; devices get broken, lost or stolen, or affected by malware or ransomware. The best thing to do is to come clean and let your IT department know immediately so they can take appropriate steps, such as blocking or remote-wiping the device, or isolating the malware before the infection takes hold.
9. Don’t make victory easy for the other side
Cybercriminals generally prefer the path of least resistance. Solid security, security updates, a hard-to-crack password, the use of the latest software, a business VPN and encrypted communications all make it harder for an outsider to gain access to your device and business information.
10. But don’t expect to win without trying
Kaspersky Lab has found that only around half (53%) of consumers make use of the security features that come with their device. To stay ahead of the hackers, you need to get to grips with these security essentials. It’s about focus and commitment, supported by the right equipment. Just like football.
“Euro 2016 should be a celebration of football for fans the world over to enjoy. Sadly, occasions where people are more relaxed about device and data security can quickly become a happy hunting ground for hackers. Cybercriminals won’t hesitate to pounce on an under-protected football supporter trying to work remotely. A few basic precautions before, during and after the match will help employers and their workforce to stay safe – leaving them free to enjoy the glorious spectacle of sport,” said David Emm, Principal Security Researcher, Kaspersky Lab.