How to stay cyber safe when you’re travelling for business
Published 04-DEC-2018 16:34 P.M.
5 minute read
Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.
In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.
The below articles were written under our previous business model. We have kept these articles online here for your reference.
Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.
Click Here to View Latest Articles
Business travellers are particularly vulnerable to falling victim to cybercrime. Every business traveller wants to be efficient and connected, but in doing so they can put themselves and their organisations at risk. Many travellers will be trying to get through their emails between flights and on the go, rarely stopping to think about what they’re opening or downloading in the race to respond.
Email, public wi-fi and personal security are all common vectors cyber criminals use to target unsuspecting business travellers and their employers. Here are some of the ways I’ve learned to protect myself over my years of frequent flying.
Avoid public Wi-Fi
The first thing travellers need to be wary of is public Wi-Fi. This could be in an airport lounge, hotel or cafe. These hotspots are rarely secured, meaning hackers can access the data carried across the network, including passwords and other credentials. When you need to get online, use your smartphone and create a cellular hotspot. Cellular communications are encrypted, so your data will stay safe in transit. Investing in a data plan is one of the best business travel investments you can make.
Think before you click
Email is by far the most common form of business communication, so it’s unsurprising that it’s also the most common attack vector used by cybercriminals. When you’re on the go, reviewing and sending emails from your smart device, you can easily fall into the trap of opening emails and attachments that look like they come from a known sender.
Regardless of how little time you have in between flights and cities, when it comes to email, the best strategy is to stop and ask yourself - ‘is this email really from who it claims to be?’ and ‘is this attachment legitimate?’
Email hacking can take the shape of what’s known as phishing or impersonation emails that seek to trick you into handing over credentials that allow an attacker into your device or onto a corporate network. These attacks are increasingly common and often appear to come from someone in authority within your company.
Recent research into the State of Email Security noted 42 per cent of Australians surveyed saw the volume of impersonation attacks asking for confidential data rise, with 41 per cent of organisations suffering data loss because of an impersonation attack in the past 12 months.
Malicious links are notoriously difficult to spot, particularly if you’re using a smart device where visibility is compromised. These can take the appearance of a URL that looks familiar but instead will direct you to a website where malware or ransomware is automatically downloaded onto your device, potentially spreading onto the network, compromising the business and its customers.
A VPN will serve you well
When you’re out of the office, it’s sensible to use a virtual private network (VPN) to secure communications back to home base. A VPN will encrypt all traffic traversing the internet between the device and the country of origin, right back to the corporate server. Although a VPN may slow down traffic, this is a small price to pay for security.
Be prepared for border inspections
Many border forces now have the right to inspect devices carried by incoming travellers. Because of this, the sensible rule of thumb is to avoid carrying sensitive information on your device. Before you leave home, back up what you need, and don’t take anything else.
It’s far better to access cloud-based applications and data held behind the corporate firewall once you’re in country using cellular connectivity. Many companies, particularly those with employees travelling to countries where inspections are common practice, will have custom laptops and phones for travellers. These devices are ‘clean’ and will also be wiped when the traveller returns, ensuring that sensitive data doesn’t fall into the wrong hands and that any malware or phishing applications are also removed.
If you’re ever in doubt about whether your devices have been compromised, stop using them and hand them over to your corporate security team when you return for inspection, wiping and the reinstallation of software.
Charging stations may not be so convenient
Even the simple act of charging a device at a charging station in a hotel or airport can be fraught with risk. Bad actors are known to install spy devices into charging stations – when you plug in your phone, they’re able to download virtually the entire contents of the phone without you even realising.
If you need power, use the cable and charger that came with the phone and find a spare power point. Either that or invest in a powerbank that can recharge the phone a number of times and can then be safely recharged itself at any convenient location, as it doesn’t have data or any processing power of its own.
Final tips before you take off
Make sure your devices are password protected. It’s also worth investing in two-factor authentication, such as a USB key or code that is sent to you when you attempt to log in. And practice good password hygiene – don’t recycle passwords, and don’t share them with other people under any circumstances.
And pick up a screen protector as you’re passing through duty free. These limit your screen viewing angle, preventing unwanted eyes seeing confidential information.
When you’re in the know before you go, it will be business as usual when you travel.
Nick Lennon is Country Manager for Mimecast, which provides advanced security, continuity and archiving cloud services for business email.
General Information Only
S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.
Conflicts of Interest Notice
S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.
Publication Notice and Disclaimer
The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.
Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.
This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.