Protection and security of information during business travel: 1.

In the previous chapter we saw that data security is a particularly sensitive issue, even more so when it comes to business travel. Many of us use whatever Internet access is at hand (public Wi-Fi, paid networks at airports, connections through customer or supplier networks, etc.) without checking its legitimacy or how securely our data is transferred.


Today, our very dependence on technology is also one of the greatest threats to keeping our private and most sensitive information safe. Any device connected to the Internet is, by default, exposed, and the security of the stored data depends mainly on us.


Nor should we go overboard. It is frankly difficult to keep our information fully secure without giving up the conveniences that new technologies offer us every day, but we must be aware of the importance of actively protecting our information through a set of simple guidelines and good practices that, when used correctly, will defend us against malicious users, carelessness or chance accidents, all of which are more common when we travel.


Today we continue the previous series with a set of recommendations focused on the security of data networks and the way we connect to the Internet. Let's get started!



1. If data is confidential (and very sensitive), do not store it in the cloud:
Anyway, what can I tell you… Some consider this statement the basic rule of any policy of prevention and prudence. Personally, I consider it more of an eccentricity and a brake on natural evolution and technological development. Let us be consistent with our decisions and make use of all the good things that new technologies offer us without losing sight of security and caution.


2. Establish secure browsing protocols and access to our information:

For access to online platforms such as social networks, corporate tools, etc., I recommend setting up an encrypted and secure connection using the HTTPS protocol. As an example, the main social networks and cloud platforms, including Google, Facebook and Twitter, now offer connection modes that let us configure access via HTTPS, guaranteeing a completely secure transfer of our information.


3. Disable wireless networks when you are not going to use them:

As a precautionary measure, it is advisable to keep wireless connections (Wi-Fi, Bluetooth, etc.) disabled (or hidden) in crowded public environments, because they are a frequent unauthorized gateway to our devices and our most sensitive information. When you do connect, as a general rule always do so on protected and trusted networks. If you connect through a public, unprotected network, never perform banking transactions or connect to corporate systems that store sensitive information.

4. Watch data consumption and set alerts for excess:
Undoubtedly a useful (and little-known) proactive measure that can get us out of trouble with malicious programs and code installed without our consent on our mobile devices (mainly smartphones and tablets). Programs of this type, more commonly known as viruses, Trojans, worms… are nowadays among the most used (and widespread) weapons of those with an eye on other people's property, whether they are cybercriminals, hackers or just plain jokers.

How can we tell if information is being stolen from us? One of the simplest and most effective ways is to analyze the volume of data consumed on our devices. Nowadays, most platforms let us set up alerts for excessive consumption, which warn us of anomalies in data traffic. For example, if in a normal month we consume 1 GB of traffic, it would be strange to have already used up the vast majority of the available bandwidth a few days after the start of the billing cycle, right?


This could be perfectly justified, but it could also mean that our device is infected and is sending a large amount of data to some distant server in a country of the former Soviet Union, China or anywhere else, anywhere but the US…
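The consumption check described above can be automated. The following is an added example, not part of the original article: it compares usage so far in the billing cycle with the usual monthly baseline and also flags apps that send far more than they receive. The sample records, the app names and all thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample records: (day, app, bytes_sent, bytes_received).
SAMPLE_USAGE = [
    (date(2024, 3, 1), "mail", 4_000_000, 30_000_000),
    (date(2024, 3, 2), "browser", 6_000_000, 55_000_000),
    (date(2024, 3, 3), "flashlight", 310_000_000, 2_000_000),
    (date(2024, 3, 4), "flashlight", 420_000_000, 3_000_000),
    (date(2024, 3, 4), "mail", 3_000_000, 25_000_000),
]

@dataclass
class Alert:
    kind: str    # "pace" (cycle running ahead) or "upload" (app mostly sends)
    detail: str

def check_usage(records, cycle_start, today, baseline_bytes, cycle_days=30,
                pace_factor=2.0, upload_ratio=3.0, min_app_bytes=50_000_000):
    """Return alerts for a billing cycle far ahead of the monthly baseline
    and for apps whose traffic is dominated by uploads.
    All thresholds are illustrative assumptions to tune per device."""
    alerts = []
    in_cycle = [r for r in records if cycle_start <= r[0] <= today]

    # Pace check: usage so far versus the share of the baseline we would
    # expect to have consumed by this day of the cycle.
    total = sum(sent + recv for _, _, sent, recv in in_cycle)
    elapsed = (today - cycle_start).days + 1
    expected = baseline_bytes * elapsed / cycle_days
    if total > pace_factor * expected:
        alerts.append(Alert("pace", f"{total} bytes used by day {elapsed}, "
                                    f"expected about {int(expected)}"))

    # Upload check: normal apps download more than they send; an app that
    # mostly uploads is worth a closer look.
    per_app = {}
    for _, app, sent, recv in in_cycle:
        s, r = per_app.get(app, (0, 0))
        per_app[app] = (s + sent, r + recv)
    for app, (sent, recv) in sorted(per_app.items()):
        if sent + recv >= min_app_bytes and sent > upload_ratio * max(recv, 1):
            alerts.append(Alert("upload", f"{app} sent {sent} bytes, received {recv}"))
    return alerts

if __name__ == "__main__":
    for alert in check_usage(SAMPLE_USAGE, date(2024, 3, 1), date(2024, 3, 4),
                             baseline_bytes=1_000_000_000):
        print(alert.kind, "-", alert.detail)
```

An alert here is a reason to review the app in question, not proof of infection: a large backup or a video call can produce the same pattern.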



5. Maximum caution against fraud based on social engineering:
Today it is one of the most effective and aggressive means of attack because of its viral potential, yet it is simple to repel. It only requires a bit of logic and common sense. "Social engineering" techniques base their attack on the way we users (as a general rule) think: tremendously trusting, ignorant of the ins and outs of technology, unable to say no! and highly egocentric.

The model is simple: a malicious user impersonates someone with a certain authority (an administrator, a bank employee, an insurer, …) who very kindly asks us over the Internet or by phone (a social network, an email, a call, an SMS or a web page, i.e. phishing) to do something apparently normal that in reality hides a dark secret: gaining access to our information or impersonating us in order to get hold of our data afterwards.


If you want to go deeper into the subject, I recommend reading the definition offered by Wikipedia about this term:

http://es.wikipedia.org/wiki/Ingeniería_social_(information_security)



6. Secure networks, secure browsing, secure transactions:

We end with a rule that, far from being banal, aims to give us a standard criterion to apply when in doubt about the security of the environment around us. When we connect to the Internet from one of our devices outside our personal and/or professional environment, we should first look for a secure network, and if we do not have one, we should configure a secure, encrypted and incognito browsing mode.

If either of the two previous conditions is not met, we are not in a position to guarantee the security of the environment, and therefore the integrity of our communications and our information. In that scenario, I do not recommend accessing or operating in maximum-security environments, such as banking environments, transactional systems, corporate applications, etc., unless it is strictly necessary or if we have the necessary resources,

It is clear that, whether through our devices or through the data networks and mechanisms we use to connect to the Internet, we are permanently exposed to information theft and unauthorized access to our most sensitive data. A sound security policy, together with the guidelines and recommendations we have seen over the last two installments, will help us narrow (though not close) the doors open to malicious users, blocking as many security holes as possible so that we stay protected for as long as possible.



Borja Rodríguez Niso
Founding Partner of Velentis
www.borjarodriguez.es
www.velentis.com