A recent survey of professionals from 515 organizations in 56 countries worldwide said that data security is expected to have the biggest impact on their travel programs this year. Given the proliferation of smartphones and tablets, these results are hardly surprising but have many organizations wondering: how can we minimize our data security risks? Ensure even your tech savviest travelers understand how to protect your company’s precious data with these five practical tips:
1) Have a loaner policy: Work with your IT team to institute a program that requires traveling with rental devices instead of personal equipment. This will limit the amount of data at risk should employees’ laptops, tablets or phones be lost, stolen or searched. Loaner devices can also be easily wiped after a trip.
2) Keep devices secure: Security studies reveal that forty-seven percent of misplaced devices are lost while offsite, often during business trips or at a client’s office. Make sure employees never pack electronic devices in checked luggage. They can be crushed, stolen, searched, or even legally confiscated by border agents. Also, don’t leave devices unattended in hotel rooms—yes, this even includes the safe, as most hotels have a way for staff to get into them if push comes to shove (say, if someone forgets their passcode). Instead, encourage employees to take their devices with them everywhere they go…if that doesn’t incentivize them to pack only what they need, we don’t know what will!
3) Be checkpoint savvy: Travelers in groups should use a team approach to watch devices on both sides of the airport security checkpoint. You may also want to consider allowing employees to spring for security-friendly laptop bags (on your company’s dime). TSA recently encouraged manufacturers to design bags that will produce a clear and unobstructed image of the laptop when undergoing X-ray screening. A design that meets these standards enables the TSA to allow laptops in bags during screening which reduces the risk of mishandling, damage and theft.
4) Do some legwork: Visit the U.S. State Department’s Country Information pages to obtain information about data security in different countries—for example, if you were to visit China’s page under the “Special Circumstances” section, you would see that telephone and internet usage may be monitored and personal possessions in hotel rooms (including computers) may be searched without consent or knowledge; additionally, the State Department warns that business travelers in China should be particularly mindful as trade secrets, negotiating positions, and other company-sensitive information may be taken and shared with local interests.
5) Use VPN: Employees who access company data on public networks can jeopardize sensitive files including customer information, corporate data and intellectual property. So whether an employee is using public Wi-Fi at 30,000 feet or in a swanky hotel lounge, your company’s data is at risk. The best defense? Use Virtual Private Networking (VPN) to connect to company resources. With VPN, business data is virtually inaccessible to hackers and password/logins are encrypted. And speaking of encryption—check that your IT team has installed encryption software on your employees’ hard drives. Encrypting data makes it completely unreadable to anyone but its intended recipient.
Food for thought: In the recent DarkHotel attacks and other sophisticated hacking cons like them, VPN connections weren’t enough to safeguard the business travelers that were targeted. This opens up a whole other can of worms for travel and IT professionals, but many experts agree that one of the best defenses against these scams is NOT performing any system administrative tasks or updates while traveling; if they can’t be avoided, going to the software vendor’s site directly to download the update is a much safer option.