Jessica O'ConnorAs millions of workers across the UK prepare to head off on their summer holidays, cybersecurity experts at FLR Spectron have highlighted the risks of staying connected to work while abroad.
The company warned that even something as routine as checking emails from an airport lounge could expose sensitive business data to cyber threats.
Last year’s research revealed that 42% of employees check their work emails while on leave, and 67% report feeling pressured to remain online during their time off.
While the intention is often to be helpful, these habits are increasingly being recognised as potential vulnerabilities.
Kamran Badhur, technical director at FLR Spectron, said: “Security breaches aren’t always caused by targeted attacks.
“They’re often down to someone trying to quickly check their inbox on public Wi-Fi, or forwarding a file to their personal account so they can access it more easily. These small shortcuts create real vulnerabilities.”
Among the common behaviours that could lead to cybersecurity breaches while on holiday are logging into work systems using public Wi-Fi, forwarding emails to personal inboxes, skipping multi-factor authentication (MFA), and using unapproved apps to store or send files.
Public Wi-Fi networks, often available in airport lounges and hotel lobbies, are frequently unencrypted and susceptible to spoofing by cybercriminals.
This allows hackers to intercept login credentials and other sensitive information in a matter of seconds.
Forwarding work emails to personal accounts for convenience may seem harmless, but personal email systems typically lack the robust protections in place on corporate networks.
Likewise, disabling or avoiding MFA – whether to save time or due to difficulties accessing it abroad – removes a vital layer of defence.
The use of unauthorised apps, which may lack encryption or proper access controls, further increases the risk of data exposure.
Badhur explained: “The issue isn’t just that staff are working while they’re away, it’s that most don’t have clear guidance on how to do it securely.”
FLR Spectron emphasised that most cybersecurity incidents that occur during holidays are avoidable with the right preparation, tools, and expectations in place.
The firm recommended that employers actively encourage staff to disconnect while on leave.
Many workers continue to monitor their inboxes out of a sense of obligation rather than necessity, and clear communication from employers that switching off is acceptable can reduce this pressure – along with the associated cyber risks.
For remote workers or those who must remain partially active during travel, FLR Spectron advised equipping them with secure tools such as a company-approved virtual private network (VPN), reliable password management systems, and app-based MFA.
Badhur concluded: “You can’t control where your team travels, but you can influence how they work when they get there.
“Good cybersecurity isn’t just about systems, it’s about habits. If you don’t give people the right setup and support, they’ll make their own decisions. And that’s often when problems start.”
