In 2007, Michael Levin retired from the United States Department of Homeland Security after a distinguished thirty-year career in law enforcement. Michael served at the Department of Homeland Security as the Deputy Director of the National Cyber Security Division. Michael previously served as the Branch Chief of the U.S. Secret Service Electronic Crimes Task Force program in Washington DC. Michael was a member of the Secret Service Electronic Crimes Special Agent program and worked around computer forensics and cybercrime investigations for over fifteen years. After this distinguished career and seeing the need, Michael founded the Center for Information Security Awareness. The CFISA (cfisa.com) brought together a group of leading academics, security and fraud experts to explore ways to increase security awareness among many audiences, including consumers, employees, businesses and law enforcement.
We’ve heard this story before: an employee leaves a laptop in their car and it gets stolen. In January 2018, 43,000 patients had their personal medical history exposed in this manner.1 In fact, stolen physical devices containing confidential data were the cause of over a million records leaked in 2017 alone.2 A recent article in The Mercury News highlights an organized crime group focused on laptop theft from vehicles.3 Thousands of stolen laptops and tablets were recovered in a massive Bay Area car burglary scheme.
Many organizations have focused only on IT security solutions for work devices and are not considering the importance of training and enforcing best practices for the physical security of devices. As thefts of devices increase, C-Suite executives should consider the risk of not educating employees and not having policies in place to protect the physical security of work devices.
Aside from device theft, confidential information is potentially being put at unnecessary risk when employees are away from the office or traveling. They frequently connect to public and free Wi-Fi networks but have no idea of the associated risks or steps they should take in order to work safely when away from the office. Providing employees with physical security best practices while traveling will dramatically help to reduce company risk.
Here are some security awareness tips to share with employees on two of the largest security risk to the business.
Hackers can easily set up fake Wi-Fi networks that look like the legitimate local network for coffee shops, restaurants, hospitals, shopping malls, libraries, and other public locations you visit. As cyber-crooks turn to cryptocurrency mining to monetize their hacking, we are starting to see Wi-Fi hotspot hacking to install crypto-miner malware on devices of unsuspecting users. Never assume your devices are safe, even at your local Starbucks.4
The loss or theft of a work laptop or smartphone while away from the office could have devastating consequences to the business. Careless employees who feel they are unaccountable for the loss of work devices could damage or destroy the business reputation.
Risky use of free public Wi-Fi is something that every employee must be aware of. Simple policies and procedures associated with Wi-Fi use, conveyed to employees will help to reduce company risk.
Ongoing employee education and reminders of the risk can dramatically reduce the chances of your company becoming a victim.
To read more from Michael Levin, please visit The Center for Information Security Awareness blog at cfisa.com/blog.html.