Travel — both domestic and overseas — goes hand in hand with modern-day business life. However, it’s important to understand potential information security concerns before selecting a travel management partner.
Learn about the top four risks during business travel so you can make informed decisions, plan accordingly, and mitigate risks.
Data Made Vulnerable
Thanks to laptops, smartphones and the myriad other devices that keep us connected, today’s workforce is extremely mobile. For as many benefits as these technological advancements have ushered in, they also pose significant risks to organizations — be it equipment and data loss or customs and security clearance issues — especially when company policies aren’t strictly followed or enforced. During travel, cyber-criminals can gain access to personal information, company data and company networks.
Among the riskiest locales for theft during business travel is airports. Unless valuables are kept in sight at all times, they are easily subject to theft. That includes when you’re passing through security and if items are placed in cargo or stashed in overhead bins. What’s more, border agents — as confirmed by the Department of Homeland Security — are legally allowed to search through files, including on laptops, smartphones and any other digital device, when you enter the country. No reasonable cause is required. Officials can then keep any found data and devices, and they can require you to provide passwords while devices are encrypted.
When traveling, it’s common to use public hotspots — whether in airports, cafes or business centers — as a means to access the Internet. But doing so significantly increases the risk of data compromise since it’s common to find spyware on devices and USBs can also be a source of infection. What’s more, hackers can — and do — set up fake WiFi networks as a means to capture sensitive information.
International Laws and Corruption
International travel is a regular reality for employees at most corporations. In the case of authoritarian regimes, however, governments may attempt to view mobile devices and international media using inherent ideologies to justify it.
Then there’s the matter of corrupt officials, who may — for example — demand that a “tax” is paid in order to maintain possession of devices. Travelers have no choice, really, but to pay, in the meantime leaving their technology subject to information theft.
To prevent unwanted access and theft, employees should limit the presence of sensitive data, first and foremost. Meanwhile, corporations must capitalize on remote access security measures via means like SSL VPN, along with RSA key fobs. Additional precautions must be in place, too, since every destination is different and what works in one may not work in another. Added considerations include alarming or tagging equipment, enlisting remote data deletion technologies, using multi-factor access authentication and employing secure online storage solutions.
When travel arrangements are outsourced to a business travel agency, it is imperative that you select a travel management company like AmTrav that is committed to information security, using only systems that are secure and robust. Be sure to work only with a TMC that properly protects company assets, including data and employee information; has established and effective access control procedures, and provides information only on a need-to-know basis. Meanwhile, it is vital that employees understand their personal responsibilities when it comes to traveling with corporate and personal data.
By: Jennifer O.