Elevated threats mean business travelers must be more security conscious
The rise in cyber threats that came with the pandemic shows no sign of slowing down. What’s changed, however, is that the targets are quite literally moving, as opposed to working from home. Business execs back travelling the globe have inadvertently found themselves in the crosshairs of cybercriminals as they attend conferences, visit customers and pursue opportunities in new markets – or extend their stays abroad and work remotely.
In the first quarter of this year, American Airlines reported that business passengers had reached 80% of 2019 levels. What’s worrying is that only less than a third (31%) of organizations include cyber security in their travel policies. And travelling for work is a little like working from home – clocking in and out becomes blurred, and it’s easy to let your guard down. Unscrupulous cyber gangs know this; they have been going after executive class travelers for years.
Security gets personal
Cybercriminals have been hacking hotel WiFi networks for over a decade. Their techniques give a good insight into the type of threats business travelers face, ranging from spear phishing emails to malware that collects confidential data. The lesson to learn is to be extra wary of sharing too much about yourself, on social media or in person.
Be careful where you work on your laptop or take calls on your mobile phone. More so than in the office, you have to take personal responsibility for your behavior. Social engineering is rife and a very profitable enterprise for a criminal fraternity that will con and manipulate people into giving up confidential information about themselves, and then use it to unlock access to corporate systems and data.
Worse still, there are nation states where industrial espionage through surveillance and intercepted communications are commonplace. It is advised not to bring any smartphones, laptops, tablets or other electronic devices to high-risk regions. If you have to, contact your IT team in advance of travel for additional advice and guidance.
When it comes to ‘honey traps’, targeted sexual interactions for blackmail purposes, you’re completely on your own. Be vigilant because ‘bad actors’ in hostile states have been known to cultivate inappropriate relationships under the guise of normal business interactions.
Zero trust behavior
The safest approach is zero trust behavior. Upon arriving at a destination, assume local communications are bugged or compromised; never discuss sensitive information over the local landline or mobile networks and don’t use public WiFi unless connected to your organization’s VPN.
Avoid using shared computers in hotels or conference venues, and stay away from public faxes, printers, photocopiers and paper shredders. Keep an eye out for spear phishing emails – giveaway clues are weird spellings in the sender’s email address and heightened language that tries to cajole you into clicking on a bad link.
When you’re out and about, only discuss details of what you’re doing with people who ‘need to know’; wear ID badges only when necessary and keep them safe. Try walk-and-talk meetings, instead of discussing confidential matters in public places.
The reality is that most business people will travel with equipment because they’ll need it to do their jobs. Aside from ensuring standard security policies are in place, particularly pertaining to endpoint security, a number of rules should become standard practice while abroad:
- Where possible leave sensitive information at home, not on devices.
- Never give anyone access to your device.
- Never use gadgets/equipment (USBs, Phones, CDs, etc.) given as gifts.
- Turn off devices at airport security and exercise extra caution where interference with electronic devices could occur.
- Never charge phones at public charging stations.
- Notify the IT team immediately if a device is lost or stolen.
- If you must carry sensitive paperwork, always keep it in your possession.
Before you set off, liaise with your colleagues in your organization’s IT team to ensure your device is up to date with the latest security patches. The objective is to avoid any software updates while away, which will minimize the risk of many well-known hotel WiFi exploits. After that, it’s down to you. Be vigilant about potential threats and careful with the company you keep.