As reports of corporate information theft continue to rise and cybercrime is predicted to cost business between $2.1 trillioni in 2019 to $6 trillionii by 2021, one area of particular concern is information security while traveling on business.
Whether in-transit, or at their destination location, business travelers – and by extension their corporate networks – are potentially more vulnerable to malicious cyber and physical information security threats, which are becoming increasingly sophisticated and audacious in their methods of accessing travelers’ confidential corporate information.
It is now standard practice for employees to access company information via mobile devices including laptops, smart phones and tablets, while traveling, or to take sensitive documents with them. Although cyber and information security threats are not constrained by geographic boundaries, travel increases the risk. This is because potential attackers may control the infrastructure on which communications travel, or have greater opportunity to gain physical access to a target and their portable devices. Business travelers are also far more likely to connect to insecure Wi-Fi networks while traveling. As a consequence, away from the office environment, there is greater data vulnerability.
The vast majority of organizations will have comprehensive information security policies in place to protect their privileged data, but when this information is being legitimately accessed remotely by employees on the move, the compliance challenge to keep company information secure is heightened. Malicious information security threats can also use a variety of human and technical intelligence tactics and techniques to collect information, which complicates efforts to secure commercially sensitive information.
Alex McSporran, Director at Control Risks and International SOS, said, ‘With the increasing and constantly evolving threat to company information, in particular information accessed or stored on mobile devices, organizations can provide greater protection for their data through targeted, expert training for their employees. This will equip them with a better understanding of the nature of the risk, and the measures they can take to better secure their information. While technical defences remain critical, appropriate training, planning, preparedness and vigilance can make a real difference in thwarting a potential data compromise.’
Top tips to help protect your data while on the move:
1. Before you travel, it’s important to research the potential threats to your company’s sensitive commercial information, specific to the location you’ll be visiting. This will enable you to implement effective security measures to help prevent problems during your trip.
2. Avoid advertising the exact location or purpose of your business trip.
3. Software Update Make sure that all software on your devices (including but not limited to antivirus software) is up-to-date before departure.
4. Avoid connecting to non-secure networks (such as public WiFi hotspots) when you travel. Where possible, disable any WiFi and Bluetooth capabilities, which can provide additional entry points for attackers and can be exploited without your knowledge. Turning these off will further reduce the likelihood of sensitive information being stolen from your devices.
5. In locations assessed as HIGH threat (this may vary from company to company, depending on the nature of their operations), maintain physical control of your devices and sensitive information at all times. Keep your laptop with you as carry-on luggage and do not loan it to anyone while travelling. When you return from a high-threat location, or if you have witnessed any suspicious activity on your devices, ask your IT service desk to check for signs of malware, unauthorized access, corruption or intrusion. Do not connect your devices to sensitive networks until they have been verified as safe.