Fri, Dec 4, 2015

From Liability to Assets: Data Security Tips for the Business Traveler

In today’s age of cloud storage of sensitive documentation, remote teleconferencing and data mobility, securing sensitive data has never been harder for today’s businesses. Take the case of today’s business travelers who by necessity leave their companies able to access important information from anyplace, any time. Lost laptops and mobile devices, unsecured wireless networks the opportunities for data compromise are many.

Here are a few tips for the masses of traveling business workers out there that will help keep company (and their own personal) information safe from prying eyes.

1. Make sure your mobile devices are “travel ready.”
Even if you are using your own device for business purposes, likely the company has set in place requirements for reasonable information security controls that must be in place if an employee is to use his or her own device for business purposes. For travel purposes, these will likely include removing sensitive material from your mobile device, in addition to standard precautions such as encryption, disabling of file-sharing, peer-to-peer communications, vulnerable ports (for laptops and other devices), and various security and antivirus programs. While it is up to the company to assist in making your device travel-ready, it will be up to you to employ data security policies, procedures and technologies correctly to avoid any problems.

2. Don’t check in.
Location-based tools are rapidly increasing in popularity, thanks in part to the pinpoint accuracy of geo-location technology found in today’s mobile devices. These services can provide useful information on places to eat or nearby services, but keep in mind that there are downsides when users “check-in” on a location-based social network, for example, they’ve broadcast to the world vital information as to their whereabouts, which unintentionally might provide vital information to a competitor. A seemingly harmless check-in at the airport neighboring a potential client headquarters might be all a savvy competitor needs to plan its strategy. Competitive intelligence is increasingly valuable and there are companies that have caught on to using the information freely available from social networking tools to their advantage. When in doubt, “think before you post.”

3. Don’t forget about paper.
Given the proliferation of mobile devices and electronic data, it’s easy to dismiss sensitive paper documents as a concern, but make no mistake: the data that travelers carry with them is not all electronic in nature. Many companies still prefer contracts, legal documents, anything that requires signature, in paper form, but there are many other possibilities: Confidential reports, spreadsheets containing personal identifiers, etc. The physical security of these documents needs to be taken into consideration. Never leave documents unsecured in a hotel room or rental car; keep them in the room safe when not in use or, if at all possible, keep them with you in a locked briefcase.

4. Know the latest and greatest scams/threats.
As we continue to hear of more scams specifically targeting travelers, it is important to be aware of the threats. Social engineering schemes seem to dominate, particularly at hotels. In fact, many hotels post warnings about scams intended to trick customers into providing their credit card information over the phone. Sensitive business data aside, it’s important for business travelers to recognize and minimize their risks. Organizations like the BBB, travel agencies, or the U.S. Department of State (for international travelers) frequently publish information on the latest scams targeting travelers’ information.

5. Be extra vigilant during international travel.
The FBI has been warning of cyber-espionage for some time, and corporate entities doing business abroad are at risk. In many countries, the laws protecting your sensitive data may be quite weak, making it easier for opportunistic cyber criminals to steal data. In other instances, foreign competitors may aggressively target your corporate travelers in an effort to steal valuable intelligence.

Whatever the case, there are a few things that international travelers should keep in mind:

  • Before you go, make sure you are familiar with national and local laws and customs
  • Prior to travel, remove all unnecessary information from laptops, smartphones and other mobile devices, and make sure your security software is up-to-date
  • Laws concerning surveillance of electronic devices may be lax in other countries; be aware that your work and conversations may be monitored
  • If at all possible, do not leave your mobile devices unattended, and do not accept any foreign electronic storage devices (such as thumb drives) or allow them to be connected to your computer
  • Upon arrival back home, change all of your passwords on any mobile device, including voicemail passwords
By Kroll Editorial Team

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.