Traveling for business or pleasure inherently creates increased cybersecurity exposures. Reliance on third-party internet connectivity to access cloud-based software as well as varied laws and regulations regarding cybersecurity in many countries may put you and your organization’s data at risk. In fact, many large organizations are opting to issue clean burner phones and laptops to traveling employees in order to minimize the risk of these threats.
While leaving your devices and sensitive data at home is always the best approach, sometimes it is not feasible. Below are a number of protections and protocols you and your employees can take to protect sensitive data when traveling.
- Encryption. If it is critical to bring your laptop/device, make sure the data is encrypted. As an organization, work with your employees to ensure access to data using a secure VPN. Computers should be kept “off” not in standby to prevent encryption data from being stored temporarily on the internal memory. In some countries, customs officials may ask to unlock and power on your device. They even have the right to keep a copy of your data.
- Connection. Think before you charge devices. The USB port could have more than just power wires and could wipe data off of your phone.
- Do not pair your phone. Using a Bluetooth connection to pair your phone to an audio system, including in a rental vehicle can be risky. This connection may leave behind your device name, contacts, text messages, call details and more.
- Accessing data remotely. Avoid retrieving data through public access points. Otherwise, unwanted data could be leaked as these connections are not secure and easily hacked. Never conduct sensitive business over a public access point.
Using a clean computer to access cloud-based systems on a secure network is often the safest approach. However, if your system has security protocols such as Two Factor Authentication (2FA) enabled, you need to make sure you are able to access the security prompts on your secondary device to confirm your identity. For example, if you leave your mobile device at home and the 2FA is sent as a push notification to that device which you do not have immediate access to, you may become locked out of the system. Think and plan ahead to ensure your continued access as needed.
International travel poses risks for all individuals and organizations. It is important to think about traveling with your data before “bringing” it with you. The less information and devices you travel with, the less risk you take. As an employer, it is important to ensure the cybersecurity knowledge of your traveling employees.
Talk to a trusted advisor today to learn more about risk management and insurance solutions for the cybersecurity of your international business.