Securing your Digital NOMAD Business

Secure NOMAD

What’s the appeal of being a digital nomad?

Working as a digital nomad is attractive to many, and less appealing to others. Depending on your preferences for how to manage the work-life balance, many professionals excel at this employment style, doing wonders for their careers. A little bit (or a lot) of traveling, discovering cool coffee shops and co-work spaces, and of course, the flexibility to manage your own time.

Others dabble in it briefly, and realize it’s not their calling in the working world. They’d rather have a consistent working schedule, be based in one fixed place, and find an alternative way to integrate travel and exploration into their personal income needs and goals.

All that being said, even for those whose careers and professional development are prospering thanks to their digital nomad lifestyle, the online security risks involved are a serious factor to address.

Digital NOMAD security concerns

The praises of cloud storage, collaboration, financial management, productivity etc. tools can be sung until the cows come home. But the security risks in managing business resources are not to be sniffed at.

Typically, digital nomads who run remote businesses manage their entire stack of businesses tools in the cloud. This amounts to a long, long list of apps, software, and of course, online accounts and personal credentials. Not to mention relying on the abilities of cloud tools to guarantee that their online assets are always available, secure, and off-limits to unwelcome users

Risks and solutions for any business

What is ransomware?

Ransomware is a particularly complicated and threatening form of malware (malicious software).

When a victim is targeted by a ransomware attack, his files have been encrypted by hackers (who either locked down his entire system or denied access to specific files). If he wants to regain access, he may (but not definitely) be able to do so, but only if he pays the ransom fee that the hackers are demanding in return for his file access.

Business risks

When any business (big or small) is hit by ransomware, employees will lose access to their documents, pictures, databases and other files. Other less obvious losses are involved too, such as wasted days of work, the time needed to restore files, etc.

Files will be encrypted, or possibly published online. Unless victims pay the ransom by the ‘deadline’ they can be demanded to pay double the ransom fee or worse...the files will be permanently locked.

Bitcoin Ransomware

An added danger is if the hackers are demanding the ransom payment in form of Bitcoin. This is often the case since hackers often prefer Bitcoin -- due to its ability to be anonymized. Ultimately, as the recipient of the money -- their identity, allegedly, cannot be tracked.

When it comes to being the victim paying a cyber ransom with bitcoin, many risks and hassles are involved;

  • Non-regulated payments
  • Unstable monetary value
  • Irreversible payments
  • No legal protection involved (such as those offered by credit card companies)
  • More reasons?

What you can do

Use anti-ransomware software...it’s a must.

This technology analyzes all suspicious activity on your device (PC or mobile). It will detect ransomware attacks, block them, and immediately restore any encrypted files. Malicious attempts to lock your device don’t stand a chance, and you’re guaranteed to always have access to your online assets.

Antivirus software: Why it’s crucial

Computer viruses are types of malicious programs or code that have the ability to alter how a computer operates. In their very essence, viruses are built to spread from one device to another.

How do they spread?

Viruses insert themselves to regular, innocent programs or documents. By executing their harmful code, they corrupt or destroy data -- harming the system software.

These days, viruses have many hiding places, such as mail attachments and program files.

Maintaining a passive existence, before they begin infecting a device, viruses can easily be present without showing virus symptoms or general ‘signs’.

Once they decide to infect, they perform actions such as stealing data and passwords, corrupting files, spamming email contacts, overtaking a machine, logging keystrokes, erasing data, and permanently damaging a hard disk. Need we say more?

When businesses catch a virus

Business can suffer truly hard blows when a virus comes their way, such as:

  • Permanently losing data
  • Costing organizations billions of dollars in “clean up costs”
  • Distributing both malware and inappropriate content within the company and to customers themselves.
  • Accessing customer’s financial credentials and other sensitive information

How antivirus software combats even the worst of viruses

Antivirus software employs its signature-based malware capabilities to scan files and compare them against a database of specific codes. When it comes to infected programs, antivirus software will perform cloud-based scanning and behavior-based detection to monitor both networks and overall behaviors to identify suspicious actions, blocking the necessary programs and reporting them to the cloud.

Phishing attacks: Every business’s worst nightmare

Small businesses are regularly targeted by phishing scams that are sent to victims via an innocent-looking email [dark patterns, using emails seems like from known sources - Google, Facebook, accounting software, online backup service, using almost real messages - Facebook bill, change password procedure, ‘we paused all your campaigns until payment resolved” and such]

Once opened and its linked clicked on, these deceiving links can contain malware and release a virus onto the computer.

These emails often request personal information of the victim, and the malware grants the hacker authorized access to business data and networks.

Phishing targets

When planning a phishing attack on a business, big or small, hackers will go as far as researching which organization to target, narrowing their plan down to individuals with particular job responsibilities and professional hierarchies. With this information, the phisher at hand can impersonate an employee’s boss for example, so that the email recipient is more likely to open that email or file without thinking twice. Once they’ve clicked on a malicious link, they’ll often submit their username/password to a phishing site and grant the cybercriminal at hand full access to their personal details or worse, an entire company network.

How you can prevent a phishing attack

Most importantly, Anti-Phishing software is the most crucial security measure that an individual or a business can take. An effective Anti-Phishing will protect you from zero-day attacks, which are harder to spot than standard viruses. This is made possible when the software uses a cloud-based environment to inspect attachments and files, even if the particular phishing malware is not yet known to the developer community. The targeted Anti-Phishing protection will prevent identity theft as well as file damage since it continuously backs up files so that none will be permanently damaged or lost.

The human factor: there’s even more you can do to protect yourself

Hackers don’t just enjoy accessing your data. They’ll often go as far as erasing it completely. This is why it’s crucial to backup every file on an external hard disk as well as an online/cloud storage backup.

Cloud storage

In the multi-device era that we find ourselves in, cloud backups are a lifesaver. Photos on mobile devices, documents on tablets and just about everything on our PCs, cloud storage is what ties it all together. If you want to access it easily, it’s got to be in the cloud. This is true for both consumers and businesses, and especially for digital NOMADs.

Many businesses rely on cloud storage for their collaboration needs, saving disk space and time sending and transferring their files and data.

External backups

External backups are unquestionably the most secure way to store your files and data. Their susceptibility to cyber attacks and online crime are non-existent. Even if you do get hacked and suffer painful blows, you won’t lose your files and personal data. This is huge. Not to mention the costs are easier as it’s a one-time fee, and the prices for an external hard drive are very reasonable. And when it comes to travel and portability, external hard drives can come in really, really small packages. Even a USB with a large storage capacity will do the trick.

Remote access

It happens; people often get their laptops lost or stolen, especially while traveling. For this reason, having the ability to wipe your PC remotely is a must, definitely for digital NOMADs, but really, for everyone.

A software that enables you to wipe your PC from wherever you are means that the second you realize your device is in the wrong place, you can erase it completely without physically touching it. Your physical computer might be in dirty hands, but not your data or personal files.

This, of course, is only the right option if you have your files backed up elsewhere. There are even tools made just for this purpose, such as SugarSync or Prey, that enable you to access your missing laptop (its physical location) you can ‘wipe’ everything that’s there.

Two-factor verification

What’s two-factor verification?

Also known as ‘two-factor authentication’, this security mechanism requires two layers of validation to make sure that the attempted logging in is being done by the right user.

Two-factor verification often exists in the form of physical authentication and a piece of online data.

For example, any user can set up two-factor verification with a USB stick that also requires a password in order to be accessed. This way, if you leave your USB stick at a coffee shop, the stranger that tries to use it won’t be able to, because they don’t know the password.

Backup phone numbers

What happens when you lost your phone? Some services offer additional authentication tools beyond text message, such as another backup phone number. This communication option can be necessary, in the event of device theft or loss. To avoid an unpermitted login scenario, most online services have a 2-step authentication with a text message to validate that the correct user is logging in.

Fingerprint/biometric access is a no-go

Minimize the use of fingerprint/biometric access to unlock devices. This sounds quite contrary to the consensus that fingerprint access to mobile devices gives you the ultimate security. In truth, people can actually hack our fingerprints.

Once a hacker steals your fingerprint, he can use it to access your bank accounts, other biometric security processes you may have set up, such as offices that use fingerprint entry to enter the building and register in-office hours.

Every password should be long and strong

Make strong passwords for your services. The longer the password, the better and harder to guess. The more ‘random’ your password is, the harder it is to guess. This means that a botnet will struggle to crack a longer password since the possible combinations that can be generated from more characters are much greater than the combinations generated by, say, a four-letter password.

Public WiFi networks can cause big trouble

Avoid using public WiFi as much as possible. If you’re in a situation where you have to use it, either use a VPN on your browser, or if this is also not an option, work only on secured sites with SSL. SSL sites are those whose URLs begin with “https://” as opposed to “http://”. What must be avoided at all costs is connecting to sensitive services (such as online banking) via public WiFi. If a public WiFi network is hacked, which is very possible since these networks are rarely protected by security tools, hackers can access every device that’s been connected to that network.

Cyber concerns: How NOMAD businesses differ from Brick and Mortar

‘Brick and mortar’ B2B companies are known to have substantial cyber and overall data security practices in place. With their company server, website domain, digital assets, and employee data to protect, security is a major priority for both executives, middle-managers, and truthfully, every employee.

So how do these security needs translate for professionals that run their entire business in the cloud? The remote business software stack can actually be quite immense.

The following illustrate cloud-only solutions to traditional ‘brick and mortar’ resources:

Finance and HR (Bookkeeper, Controller, Admin):

Instead of an employee managing the payroll next door, remote business owners use apps like Intuit Payroll to manage payrolls and payroll tax deductions.

Likewise, remote employees and freelancers are still responsible for reporting their working hours and the vacation days they’re entitled to. The typical HR team managing these tasks can be replaced by web-based apps like Harvest or FreshBooks, which tracks employee work hours, vacation rights, general expenses, and overall business accounting needs.

Confidential Documents

Clients and employees often need to expose sensitive documents to a business. Remote companies benefit from apps like HelloFax and DocuSign to manage signatures and send each other documents and contracts.

Internal and External Communication

They may not be sitting in the same office, building, or even continent, but managers and colleagues spend hours communicating and having meetings over apps like GoToMeeting, LogMeIn, Zoom, Skype, Slack, WhatsApp and so on. The cloud-based channels and avenues of correspondence they have available today are endless.

IT resources that cover data management needs (servers and networking hardware):

Virtual desktops and cloud-based servers are popular among remote businesses that don’t have local server rooms. Instead, they leverage cloud services such as Rackspace, AWS or others. All of their software, servers, hardware and apps are cloud-based; that way, employees can successfully access and manage business data.

Project Management

Used by both physically-based and 100% remote companies, apps like Google Drive, Dropbox, Basecamp, or Trello are increasingly popular among individuals and team members who collaborate on projects. Projects and workflows are transparent to everybody, no matter where they are.

Protecting your cloud-based digital assets

If a hacker succeeds in leaking your passwords or breaking into your PC or mobile, the potential damage can jeopardize an entire business.

If a digital nomad’s invoicing or accounting software gets hacked in any way, by let’s say a phishing attack, the consequences can be serious. Employee data such as social security numbers, customer bank accounts, company bank accounts…all of these could fall into the hands of cyber criminals.

The same applies to electronic signature apps…what if employee’s government ID is stolen? What if a hacker gains access to any team member’s webcam, and records confidential business meetings or phone calls? Gains access to the company’s LogMeIn account and has full remote access to the business owner’s PC. The possibilities are endless.

These scenarios actually make cyber security a top priority for digital nomads. If they’re not safe in cyber space…they’re not safe anywhere.