You’re getting ready to go to Las Vegas for this year’s Black Hat and have heard some pretty crazy stories ... No, not those stories. The ones about how, if you have a conference that brings together a bunch of people from all walks of life with the love of hacking in common, a gathering like this is bound to bring out a few bad-guy hackers. Rules are fairly simple, though. Hacking is fair game during the conference for helping to encourage collaboration, creativity, and training but, of course, not for crossing the line of degrading systems or stealing from people.
So how do you help protect yourself while at Black Hat to make sure you’re not added to the list of unfortunate people that find a new babydoge cryptominer living rent-free in their system?
Simple
Updates: Update all operating systems, applications, and anti-virus on your devices before you leave. I’m looking at you, sitting there with that update button you've been ignoring for weeks thinking you’ll eventually get around to turning on auto-updates.
Privacy: Always use a VPN to encrypt your traffic. Now is not the time to be nonchalant about unencrypted traffic. Be cautious or completely avoid easy targets such as open WiFi, free USBs, and ATMs. Also, invest in some privacy screens for devices and RFID blocking sleeves (or just some good old fashioned foil) for hotel and credit cards.
Device Vigilance: Limit the amount of electronic devices you pack, turn off your bluetooth, especially your NFC, and clean out your WiFi settings. With your devices automatically broadcasting to connect to previously known access points, it can be very tempting for someone to set up their own version of “xfinitywifi” just to see how many people will connect.
Situational Awareness: Be mindful of your surroundings, don’t leave your items unattended or unlocked. Don’t be the person that someone gets to practice their social engineering or eavesdropping skills on. With the amount of information you can get in a hotel bar alone, for example, it’s best to keep those in-depth work conversations you’re having with colleagues to a more private location.
Moderate
Scans and Monitoring: Periodically scan all your devices for malware. If you’re feeling particularly concerned, get a baseline of your device’s network and process activity, as it will be easier for you to notice when something is awry. An additional “extreme” step would be to actively monitor incoming/outgoing communications should you feel the need to go that far.
MFA: Set up Multi-Factor Authentication on your accounts. This isn’t necessarily for BlackHat, but it’s just something you may already have been told to do but haven’t done yet. So you might as well since you’re taking the time to read this.
No Work Equipment: Your CISO will thank you, your boss might not. Business cards are still a thing, and you can always email those cool new contacts when you get back into the office. This isn’t possible for everyone, so the above suggestions apply with added emphasis of situational awareness, leaving your office building badge at home, and connecting to work assets only when absolutely necessary.
Extreme
Go Low/No-Tech: Is your proverbial tin-foil hat more 10-gallon style? Leave all your devices at home, grab a classic burner phone for emergencies, pay with only preloaded debit cards and/or cash, and bring a new favorite nondescript notebook and pen.
The tone of this article might be very light-hearted, but is intended for you to easily take your security seriously. These suggestions can help prevent some pretty annoying headaches to make sure your time at BlackHat is educational and fun.
While I'm sorry to say that IronNet's happy hour at Black Hat already is completely booked, you can come see us at Booth #1257 or learn more here.