How to Stay Safe Traveling in a Global Market
The global economy requires executives and other corporate employees to travel around the world with more frequency. They bounce from one Wi-Fi network, airport and hotel to another, so how can they stay secure when traveling?
Safety begins with proper planning. With the increase in travel comes an increase in opportunities for would-be thieves. First identify what needs to be protected and who it needs to be protected from. This is referred to as threat modeling and should be the first step in any security analysis as a Source article brings out. In addition, the article brought out the goal is to construct a picture of what you’re up against and to answer these questions to make your security plan:
-
What do you want to keep private?
-
Who wants to know?
-
What can they do to find out?
-
What happens if they succeed?
Among many things, company data needs to be kept private. But is that it? No; would-be thieves are also looking to get your personal data. Especially for the executive.
If you’re visiting a country where corporate espionage is common, think about the ways rival firms or how countries could access your system. For example, in countries like Russia and China, they examine all the data traversing their communications network.
Then think about how a would-be attacker might try to get the data. Would they try a phishing attack? Slip malware onto your system? Or would they try to steal your laptop at a coffee shop as you’re adding sugar and cream to your coffee (because we still drink coffee at coffee shops, right?)?
What Can be Done to Secure The Data?
What can be done, then? Let me illustrate it this way; when you leave your house, where’s your wallet? Do you leave it out in the open for someone to take, or do you have it securely tucked away? Treat company and personal data as you would your wallet.
When it comes to the digital devices you need on a trip — do you really need to bring the company laptop that is filled with proprietary documents? If not, consider travel-only devices that you won’t use when you return home or that you can completely wipe clean. While it may not be the most cost-effective way to travel, it’s one way to avoid bringing unnecessary information into an insecure setting. Some business executives on trips to countries that are known for dangerous networks will only bring blank laptops and burner cellphones.
Some other ways to keep data secure is to use strong passwords (and make sure when you are entering your password there isn’t someone around shoulder surfing you), use a VPN to your corporate network, use encrypted email, and anonymous browsing systems. When looking for an anonymous browser or what plugin to use in your current browser check out what the professional reviews say about them and make sure they are safe to use on your system.
It is always recommended that if you’re traveling and you must access your corporate network, to always use the corporate VPN. If you are a small business, before you travel you should invest in setting up a VPN server or a VPN router at your business location. That way you can access your company data securely and not have to travel with any company data on a laptop. When looking for VPN software or remote access applications or VPN services, make sure they are recommended by security professionals and meet the level of security you are needing.
I found these tips on the CUNY site useful as well as the ones on the SecurityMagazine.com site. Some of the tips they provide are:
-
If you are bringing private data, not on a computer, copy the data onto an encrypted USB memory device.
-
Install a host-based firewall, and configure it to deny all inbound connections.
-
Disable file and printer sharing.
-
Disable Bluetooth.
-
Password protect the login, and require the password after screen-saver.
-
Apply full disk encryption, picking a long, complex password. This will provide a substantial layer of protection should the workstation or medium become lost or stolen. The user should memorize the password, or keep it in a secure location on his/her person.
-
Untrusted location = untrusted network.
-
Be cautious when clicking on update pop-ups, especially while using untrusted hotel Internet connections. Some pop-ups are scams designed to trick people into installing malicious software. Update your software by going directly to the vendor’s website.
-
When you return, you should reset your passwords.
-
You have no reasonable expectation of privacy in some countries.
-
Connections in cyber cafes, public areas and hotels can be safe with a VPN, but should otherwise be considered insecure and probably monitored by unsavory agents. Physical PCs in such places may contain keystroke logging or other malicious methods to gather your information.
-
Do not loan your device to anyone, or attach unknown devices such as thumb drives. Thumb drives are notorious for computer infections.
-
Disable device illicit access via wireless technologies by:
-
Using airplane mode to disable or suspend all connectivity.
-
Disabling Wi-Fi when not in use. Wi-Fi ad-hoc mode or insecure file sharing enables direct access to devices.
-
Disabling Bluetooth when not in use (or set it to “hidden,” not “discoverable”). Be aware that rental car Bluetooth PBAP (Phone Book Access Profile) functionality loads your entire address book, while Bluetooth (Personal Area Network) functionality enables connections with other Bluetooth devices.
By following these tips your company and personal data will be more secure.
Of course, if you feel you’ve been attacked and compromised, call your IT department and change your passwords immediately (this should go without saying, but, I’m going to say it anyway; change them in a secure area).
Traveling can be done in a way that will minimize the risk of data compromise, so, plan your security as well as your travel arrangements. Use the recommend tips above, guard your data as you would your wallet and remember this: minimize the opportunity, minimize the chances for an attack. By applying the recommendations, you will be able to travel and keep both the company’s and your personal data secure in this global economy.
Safe travels.
Written by: Mike Hadnagy
Sources:
http://www2.cuny.edu/wp-content/uploads/sites/4/page-assets/about/university-resources/emergency-preparedness/travel-safety-resources/CUNYCyberSecurityAwarenessTipSheetForeignTravel.pdf
https://theweek.com/articles/586938/how-keep-data-secure-traveling
https://source.opennews.org/articles/security-journalists-part-two-threat-modeling/
https://travel.state.gov/content/travel/en/passports.html
https://www.securitymagazine.com/articles/85271-checklist-24-steps-for-data-security-while-traveling-abroad
https://www.csoonline.com/article/2133137/loss-prevention/executive-protection%E2%80%934-essentials-for-secure-travel.html