How to stay cyber safe when you’re travelling for business
Business travellers are particularly vulnerable to falling victim to cybercrime. Every business traveller wants to be efficient and connected, but in doing so they can put themselves and their organisations at risk. Many travellers will be trying to get through their emails between flights and on the go, rarely stopping to think about what they’re opening or downloading in the race to respond.
Email, public wi-fi and personal security are all common vectors cyber criminals use to target unsuspecting business travellers and their employers. Here are some of the ways I’ve learned to protect myself over my years of frequent flying.
Avoid public Wi-Fi
The first thing travellers need to be wary of is public Wi-Fi. This could be in an airport lounge, hotel or cafe. These hotspots are rarely secured, meaning hackers can access the data carried across the network, including passwords and other credentials. When you need to get online, use your smartphone and create a cellular hotspot. Cellular communications are encrypted, so your data will stay safe in transit. Investing in a data plan is one of the best business travel investments you can make.
Think before you click
Email is by far the most common form of business communication, so it’s unsurprising that it’s also the most common attack vector used by cybercriminals. When you’re on the go, reviewing and sending emails from your smart device, you can easily fall into the trap of opening emails and attachments that look like they come from a known sender.
Regardless of how little time you have in between flights and cities, when it comes to email, the best strategy is to stop and ask yourself - ‘is this email really from who it claims to be?’ and ‘is this attachment legitimate?’
Email hacking can take the shape of what’s known as phishing or impersonation emails that seek to trick you into handing over credentials that allow an attacker into your device or onto a corporate network. These attacks are increasingly common and often appear to come from someone in authority within your company.
Recent research into the State of Email Security noted 42 per cent of Australians surveyed saw the volume of impersonation attacks asking for confidential data rise, with 41 per cent of organisations suffering data loss because of an impersonation attack in the past 12 months.
Malicious links are notoriously difficult to spot, particularly if you’re using a smart device where visibility is compromised. These can take the appearance of a URL that looks familiar but instead will direct you to a website where malware or ransomware is automatically downloaded onto your device, potentially spreading onto the network, compromising the business and its customers.
A VPN will serve you well
When you’re out of the office, it’s sensible to use a virtual private network (VPN) to secure communications back to home base. A VPN will encrypt all traffic traversing the internet between the device and the country of origin, right back to the corporate server. Although a VPN may slow down traffic, this is a small price to pay for security.
Be prepared for border inspections
Many border forces now have the right to inspect devices carried by incoming travellers. Because of this, the sensible rule of thumb is to avoid carrying sensitive information on your device. Before you leave home, back up what you need, and don’t take anything else.
It’s far better to access cloud-based applications and data held behind the corporate firewall once you’re in country using cellular connectivity. Many companies, particularly those with employees travelling to countries where inspections are common practice, will have custom laptops and phones for travellers. These devices are ‘clean’ and will also be wiped when the traveller returns, ensuring that sensitive data doesn’t fall into the wrong hands and that any malware or phishing applications are also removed.
If you’re ever in doubt about whether your devices have been compromised, stop using them and hand them over to your corporate security team when you return for inspection, wiping and the reinstallation of software.
Charging stations may not be so convenient
Even the simple act of charging a device at a charging station in a hotel or airport can be fraught with risk. Bad actors are known to install spy devices into charging stations – when you plug in your phone, they’re able to download virtually the entire contents of the phone without you even realising.
If you need power, use the cable and charger that came with the phone and find a spare power point. Either that or invest in a powerbank that can recharge the phone a number of times and can then be safely recharged itself at any convenient location, as it doesn’t have data or any processing power of its own.
Final tips before you take off
Make sure your devices are password protected. It’s also worth investing in two-factor authentication, such as a USB key or code that is sent to you when you attempt to log in. And practice good password hygiene – don’t recycle passwords, and don’t share them with other people under any circumstances.
And pick up a screen protector as you’re passing through duty free. These limit your screen viewing angle, preventing unwanted eyes seeing confidential information.
When you’re in the know before you go, it will be business as usual when you travel.
Nick Lennon is Country Manager for Mimecast, which provides advanced security, continuity and archiving cloud services for business email.
S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.
Conflict of Interest Notice
S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.
The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.