Louise Hogan, a security specialist in Dubai, advises business travellers on cyber security risks and mitigation measures. In this post, she highlights the potential risk exposures for business travellers.
I regularly deal with client queries on cyber security, particularly from clients’ employees travelling. I am always surprised at how many travellers have not previously considered cyber security as a risk.
Cyber security is often highlighted as one of the top risks to organisations today, yet only 33% include it in their travel policy1. Mobile employees present a particular weakness for a company’s cyber infrastructure due to their reliance on mobile devices and unsecured networks. Here are some of the key issues we see affecting mobile employees.
Location and Profile
Although cyber security risks transcend borders, the level of travel related risk can vary from country to country and purpose of travel. It’s important to take these factors into consideration to determine your personal exposure to cyber security risks.
An area I find many travellers overlook is their device security. It’s important to ensure all your devices are locked with a personal pin code or password. When I travel, if I have to leave my devices unattended, I ensure they’re well secured in the hotel safe.
Border officials in some countries can legally demand to inspect your devices and its contents prior to letting you enter the country. If travelling to a destination where this is a more common practice such as the United States, I do not travel with any devices containing sensitive or confidential personal information. When approaching customs, ensure you switch off your devices.
If officials request to inspect your devices, comply with the request as refusal can end in detention or refusal of entry. However, you should consider these devices compromised following any inspection and immediately let your IT and Security departments know.
Travellers often have no option but to rely on potentially unsecured networks and USB charging stations in hotels, airports or restaurants while travelling in order to get their work done. This exposes travellers and their organisations to much higher risks however; public networks can easily be accessed by cyber criminals. USB charging stations can also easily be manipulated by cyber criminals to install malware or steal data from a plugged-in device.
It is important to use a Virtual Private Network (VPN) before connecting to any public network, such as at the airport or in your hotel, to protect your data and block cyber criminals from access to information they can then utilise for phishing attacks. Ensure you always travel with additional power packs and only use your own power blocks or USB chargers.
When briefing clients travelling to locations with a high kidnapping risk, they also seem surprised when I ask if they use fitness tracking apps. But fitness tracking apps on your phone and wearable fitness devices provide detailed information on your movements, your routine and your exact location at any given time providing invaluable information for criminals. Even ensuring you are varying your routine is scant protection, if criminals have accessed your devices and have an accurate fix on your location at all times.
In my experience, too many companies and employees continue to think of cyber security as an IT issue. Considering how much we rely on our devices, particularly when we travel, it should be one of the primary concerns for travellers, rather than an afterthought. Mitigating cyber risk should be part of any mature travel risk management programme and high on the agenda as part of an organisation’s Duty of Care.
1Ipsos MORI & International SOS, Business Resilience Trends 2019, https://www.internationalsos.com/risk-outlook
For up-to-date news about International SOS, as well as engaging real-life stories about how we leverage our knowledge and expertise to help our clients, subscribe to our magazine.