The workcation is on the rise. The blended work-travel experience is seen by proponents as a great way to increase motivation, productivity, and creativity. In a recent YouGov poll, 53% of Americans who can work remotely said they were interested in taking a workcation in the next 12 months–and their companies are helping make this happen.
New ways of working have extended to business leaders. Around 80% of executive jobs are currently available remotely, compared to 25% pre-pandemic, according to executive search firm Cowen Partners. However, senior executives need to be the most careful, whilst having the chance to reflect, recharge, and reset. If the upper echelons of management choose to work away from home and the office, there is a lot more at stake for a business.
According to this year’s Cybersecurity Breaches Survey from the UK’s Department for Science, Innovation & Technology, 32% of businesses recall breaches or attacks from the last 12 months. The report further found that only 18% of businesses had provided cybersecurity training to its workforce. Addressing the cyber skills gap needs to be tackled across all levels, including the C-suite, especially when they are the prime targets of one of the fastest-growing forms of cyber threats.
Our Talos global threat intelligent team has identified a 25% increase in data theft extortion incidents in the latest quarter, making it the most observed threat, overtaking ransomware. Data theft extortion is a cybersecurity incident where personal or confidential data is stolen. Once access is gained and data is analyzed, the bad actor then threatens to release sensitive information unless the victim meets their demands and pays out, which typically involves the transfer of cryptocurrency. By choosing victims at the top of the tree, the value of the data is no doubt perceived to be higher and hackers see the potential to obtain payments well into the millions.
For the business leader, having access to reliable Wi-Fi is far from the only priority whilst traveling abroad. The importance of maintaining strong cyber hygiene practices when they are connecting to the corporate network from locations outside their home turf becomes even more critical. Because unlike them, cybercriminals will not be taking a holiday. Fortunately, security measures to protect senior executives, and ultimately their business, need not be difficult.
Passwords
Believe it or not, the most common passwords of 2022 still included the likes of “123456,” “QWERTY,” and ”password.” Most cyberattacks and data breaches remain the result of weak passwords. Ensuring an executive’s identity remains their own requires a more complex approach to passwords that are longer, stronger, and harder for someone else to guess. Unique passwords for each account should use a variety of cases and symbols and be changed annually.
Defending devices abroad
Business leaders abroad need to be extra wary of equipment theft as one of the leading causes of data theft is device loss. It is also important to make life more difficult for anyone trying to snatch a device, particularly mobile phones. A cybercriminal who gets hold of an online password can sign into an account from anywhere, but if they obtain the PIN, they can access the device too. As research has shown, the choice of PIN or password determines how vulnerable devices are to a successful hack or attack, and obvious identifiers such as a birthday or credit card PIN should be avoided. Apps should only be installed from trusted sources and software should be kept up to date.
Authentication at home and away
Two-factor authentication (or 2FA) adds an extra layer of security that is easy for remote bosses to use and makes it significantly more difficult for anyone who should not be accessing their data to do so. 2FA technologies mean the executive has the chance to catch malicious abuse of their credentials and administrators have the metadata from the user's acknowledgment, so they can see any unusual time or location of access.
Endpoint protection everywhere
Having a virtual private network (VPN) is another important security solution for business leaders. An encrypted connection over the Internet from a device to a network helps ensure that sensitive data is safely transmitted, preventing unauthorized people from eavesdropping on data traffic. Users can then use the virtual network to access the corporate network without risk.
As business leaders may extend their holidays to make the most of time away from their office desks, it is even more critical that they follow good cybersecurity practices to prevent the risk of a serious attack.
With the freedom and power of hybrid working also comes the responsibility of senior bosses to work in a cyber-secure manner, wherever they are. A more relaxed environment shouldn’t mean a more relaxed approach to security, especially when it’s at the expense of their business.
Chintan Patel is the Chief Technology Officer at Cisco UK & Ireland.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.
