Blog / Mar 20, 2018

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

by mike levin

In 2007, Michael Levin retired from the United States Department of Homeland Security after a distinguished thirty-year career in law enforcement. Michael served at the Department of Homeland Security as the Deputy Director of the National Cyber Security Division. Michael previously served as the Branch Chief of the U.S. Secret Service Electronic Crimes Task Force program in Washington DC. Michael was a member of the Secret Service Electronic Crimes Special Agent program and worked around computer forensics and cybercrime investigations for over fifteen years. After this distinguished career and seeing the need, Michael founded the Center for Information Security Awareness. The CFISA (cfisa.com) brought together a group of leading academics, security and fraud experts to explore ways to increase security awareness among many audiences, including consumers, employees, businesses and law enforcement.


We’ve heard this story before: an employee leaves a laptop in their car and it gets stolen. In January 2018, 43,000 patients had their personal medical history exposed in this manner.1 In fact, stolen physical devices containing confidential data were the cause of over a million records leaked in 2017 alone.2 A recent article in The Mercury News highlights an organized crime group focused on laptop theft from vehicles.3 Thousands of stolen laptops and tablets were recovered in a massive Bay Area car burglary scheme.

Many organizations have focused only on IT security solutions for work devices and are not considering the importance of training and enforcing best practices for the physical security of devices. As thefts of devices increase, C-Suite executives should consider the risk of not educating employees and not having policies in place to protect the physical security of work devices.

Aside from device theft, confidential information is potentially being put at unnecessary risk when employees are away from the office or traveling. They frequently connect to public and free Wi-Fi networks but have no idea of the associated risks or steps they should take in order to work safely when away from the office. Providing employees with physical security best practices while traveling will dramatically help to reduce company risk.

Here are some security awareness tips to share with employees on two of the largest security risk to the business.

Keeping Your Devices Secure When Traveling

  • Do not pack laptops or tablets in checked luggage unless required to do so by airline security regulations. Devices can easily be stolen from your checked luggage.
  • Remember to retrieve devices at TSA checkpoints. Double-check that you have all of your belongings before walking away from the TSA checkpoint.
  • Never leave bags or devices unattended in the airport gate area. Don’t think you can quickly go to the restroom or buy something and leave your items unattended. Someone could easily watch you walk away and grab your items.
  • When on the plane, secure your devices. Phones, tablets, and laptops can easily be stolen from the overhead bins or from your seat or seat pocket when you use the restroom.
  • Before you leave the aircraft; double-check your seat area and seat pocket to make sure you did not leave any devices behind. Every year, millions of devices are left behind on planes and stolen or never recovered.
  • Never leave your computer bag or laptop unattended in a vehicle. Thefts from vehicles are one of the most common ways laptops are lost. If you are moving a computer bag to the trunk of your vehicle, do not do this in the same area where you plan to park. Criminals sit in parking lots watching specifically for this kind of activity.
  • Whenever possible, lock your devices in the hotel safe when you are not in the room.
  • Each time you leave your hotel room, remember to pull the door closed and check to make sure it has locked. Hotel thieves walk down the halls pushing on doors to find doors that are not properly locked.

Reducing the Risk of Using Public and Free Wi-Fi

Hackers can easily set up fake Wi-Fi networks that look like the legitimate local network for coffee shops, restaurants, hospitals, shopping malls, libraries, and other public locations you visit. As cyber-crooks turn to cryptocurrency mining to monetize their hacking, we are starting to see Wi-Fi hotspot hacking to install crypto-miner malware on devices of unsuspecting users. Never assume your devices are safe, even at your local Starbucks.4

  • Use company-provided VPN whenever available. You should always utilize the VPN while connected to public Wi-Fi. VPN software should be available for all corporate-supported devices.
  • Use your phone tethering feature or cellular Internet service instead of free Wi-Fi whenever possible.
  • Never conduct financial transactions, including any transaction requiring a debit or credit card, when using public or free Wi-Fi services.
  • Consider changing your passwords after you travel in case they were compromised while you were traveling.

Final Thoughts

The loss or theft of a work laptop or smartphone while away from the office could have devastating consequences to the business. Careless employees who feel they are unaccountable for the loss of work devices could damage or destroy the business reputation.

Risky use of free public Wi-Fi is something that every employee must be aware of. Simple policies and procedures associated with Wi-Fi use, conveyed to employees will help to reduce company risk.

Ongoing employee education and reminders of the risk can dramatically reduce the chances of your company becoming a victim.



To read more from Michael Levin, please visit The Center for Information Security Awareness blog at cfisa.com/blog.html.

Follow us on social media.