This week, a big IT security event happens – RSA Conference 2013 – bringing together some of the greatest players in the industry.
Although it might seem obvious that security should be on the top of everyone's minds at events, it's easy to get lost in the hustle and bustle and forget that info security events can be just as insecure as any other event.
We’ve created a checklist of eight IT security tips for you to keep in mind while attending this week's RSA Conference, or any other conference on your calendar this year.
- Be wary of open WiFi networks, and use VPN whenever possible.
If you're using a public unencrypted WiFi connection, others nearby could be able to see your communications.
Use of a VPN (virtual private network), which encrypts all communications between your device and the office, will prevent this. Even if the public WiFi is encrypted, you don't know who has made it available.
If you must use public WiFi to access online services, make sure you only use those that use HTTPS for login and data transfer. Check out these tips on safe WiFi surfing .
- Enable passcodes and security software for smartphones and tablets.
There are many solid free apps offering security features such as remote lock or wipe, tracking for lost or stolen devices and malware protection. Android users can check out Sophos's free Mobile Security app.
- Review your devices’ security settings.
When not traveling, it’s easy for us to become lax about how our security apps work and are set up. But when you’re hustling and bustling all over a crowded conference center, consider updating your settings to lock your device more quickly than normal.
- If you don’t *need* it, don't carry it around with you.
Have you one smartphone for work and one for personal use? Keep it simple - choose one and leave the other in the hotel room stored safely. If there is a safe in your hotel room, use it to store any devices or paperwork that you don't need to carry with you around the show room floor.
- Be wary of tempting freebies given away by vendors.
You may be given a sweet free USB key, but it might unknowingly be infected with a sour piece of malware. Believe it or not, we've seen this happen even at AusCERT, a security conference in Australia, where IBM inadvertently gave away free USB drives infected with not just one, but two pieces of malware.
- Don’t access company data unless absolutely necessary.
If you must carry a laptop, tablet, USB drive or any other device that can access confidential data, make sure to have encryption enabled. You will be very thankful if the device winds up in the wrong hands.
- Be wary of phone charging kiosks and the possible risk of juicejacking
'Juicejacking' is hacking a smartphone through a likely power-and-data connection mobile phone adaptor. We haven't seen it in the wild yet, but don't be the first victim for us to report.
- For the really paranoid: use a temporary laptop or phone.
Carrying no sensitive data with you means that even if your device is stolen/hacked/’evil maid’ed, your info is not at risk. When you return home, just wipe the device.
You can also keep up with all of our #RSAC happenings by following us @Sophos_News.