Notes and Observations From the Road - From Duo CISO Advisor Dave Lewis
I wander the world from one country to the next as a part of my job. This means that in addition to being confined in a pressurized tin can at 38,000 feet a lot, I also spend a significant amount of time in airport lounges. One thing that I’ve come to understand is that travelers let down their guard when they’re in an airport lounge, and do things that they would not necessarily otherwise have done. As a result, over the years I’ve managed to collect many pictures of laptops and mobile devices being left unattended — and in some cases even logged in while their owner has wandered off in search of coffee and stale sandwiches.
Travelers Should Implement Zero Trust
Nefarious types are well aware that travelers drop their guard. They could cause no end of harm if they were able to make off with your laptop. It’s absolutely essential that you keep a keen eye on where your stuff is and don’t assume it will be fine simply because you’re in the lounge. That assumption makes frequent-flying executives easy technology targets. Further to this end, why, for the love of all that is sacred, would you wander off in search of coffee and leave your laptop logged in? This has always baffled me.
When I used to be in an office environment earlier in my career, I learned the hard lesson of forgetting this when an email was sent out from my account offering to bring donuts for the entire team at the next meeting. I did not send that email. But I did leave my laptop unattended and open. This is a lesson that hopefully you only need to learn once. Situational awareness is essential on the road, as you can bet that buying donuts would be a pleasure in contrast to what could potentially transpire.
Strangers No More
Another curiosity that I see when I travel is how much information people share on their luggage or person. From luggage tags to t-shirts with their names on them, it becomes a trivial exercise for a negatively intentioned person to puzzle out your story.
Out of boredom, while I have stood in a long line for a taxi or slumped in a chair in a lounge, I have amused myself by doing a simple exercise. I would look for a name on a luggage tag and start searching. Using the name and their location, it would be stunning how quickly I could find them on social media. And in short order I would have their place of work, where they live, where they went to high school and pictures of their pets. Not much of a stretch to be able to puzzle out a series of possible passwords either. We humans are curious and very predictable in that regard.
Unattended Password Protection
This is a strong argument for the need for multi-factor authentication products such as Duo Access, Duo MFA and Duo Beyond that work on the principles of zero trust security. When I can puzzle out your life story from a luggage tag, you need to take measures to ensure a criminally inclined person can’t guess your password as well. Being able to use push technology to provide that extra layer of security will help protect your accounts and devices.
Unfortunately, there is no technology to keep you from leaving your laptop unattended. Until there comes a time when new luggage software is developed… just don’t do it.