By Rebecca Herold, President of SIMBUS LLC, CEO of the Privacy Professor and 3M Privacy Consultant
Are employees leaving themselves, your company and your customers vulnerable to a data breach when they travel? The answer is something we all need to examine – and re-examine – regularly.
Many business travelers simply aren’t aware of the full range of issues they need to address. It’s understandable: trying to ensure data security and privacy is more challenging than ever, complicated by advances in technology, new types of data, and the proliferation of mobile devices. In 2017, there were eight connected devices per person; by 2021, that number is expected to rise to 13 connected devices per person. That’s a lot of ground to cover.
Following is a breakdown of travelers’ common vulnerabilities around data privacy – and a toolbox of behavioral changes and solutions to help mitigate the risks.
A Cautionary Tale
To kick off this discussion, I’d like to share an example I’ve observed in the wild – in this case, an airport in our nation’s capital. I recognized a well-known elected official in the waiting area. The official was reading a document on a tablet, clearly visible from multiple angles, using a large font setting. Later, the official put down the tablet and went to speak with people away from the seating area, leaving the tablet unsupervised and unlocked. When it was time to board, the tablet sat forgotten on the official’s seat until someone else pointed it out to the official just before he had checked in at the gate.
This example may seem extreme, but in my experience it’s common; it’s easy to overlook even the basics of data security when traveling, especially for those who have gotten comfortable with the process. It’s important that we rethink our routines and behaviors to ensure we don’t overlook privacy and security basics.
First, we need to consider visual exposure. It starts with the people in our immediate vicinity, such as the person sitting next to us on a plane or train, but it expands much further. We have to consider who might be above us or behind us at a distance using a device that allows them to zoom in. We have to think about security cameras and other devices intended for protection recording views of the area that could be reviewed by many and stored indefinitely. But we must also consider that the devices could be hacked or used for nefarious purposes. In some locations, we might even need to think about drones!
Verbal exposure also matters. There’s a feeling of anonymity in crowded places that can lull people into a false sense of security. However, we don’t always know who’s around us or what information they might be able to glean and use. Conversations about sensitive company topics should be conducted in private.
Then, there are the ways in which we leave ourselves digitally exposed. Do you use open, publicly-available Wi-Fi in hotels, airports and other public places? Do you use the shared charging stations? Unfortunately, these services pose a significant data security risk. The Wi-Fi risk is better known, but many travelers don’t realize that hackers can quickly install skimmers or “juice jackers” on USB chargers that allow access to the data on the device being charged.
Finally, there is physical exposure – the risk of someone simply taking our devices. This risk is compounded infinitely for anyone who does not lock their devices when not in use, providing easy access to the information stored within. This type of casual or accidental neglect is more common than you’d think – but also easily corrected and avoided.
Stocking Your Data Privacy Toolbox
Fortunately, for every area of vulnerability around data privacy, there are tools available to help address the common threats. Here are key behaviors and technologies that will help keep information safe while employees travel:
- Better situational awareness: You are your own first line of defense when it comes to data privacy and security. Try to position yourself in a way that limits what other people – or devices – can see, hear or record.
- Privacy filter for laptop and device screens: Privacy filters help protect what’s on your screen by blocking unauthorized side views – a particularly useful tool in crowded waiting areas or in transit on planes or trains.
- Lock your devices when not in use: Password-protecting your device is the most basic of all security measures, followed only by locking your device when it is not in use.
- Physical locks and alarms: Having a physical lock for your briefcase or carry-on provides an extra layer of security against opportunistic snatch-and-grab incidents. In addition, laptop alarms are available that combine software with a physical alarm attached to the device. If the device is lost or stolen, the alarm goes off loudly.
- Juice-jack protectors and charging devices: Juice-jack protectors can be attached to the end of your USB cord to protect against skimmers when you charge your devices in public places. It’s also a good idea to travel with personal charging devices, limiting the need to use public chargers at all.
- A portable Wi-Fi hotspot and/or company VPN: Open or publicly-available Wi-Fi leaves travelers vulnerable to all manner of hacking. Ideally, travelers should have their own personal hotspot device to provide their own Wi-Fi, but a company VPN also can provide greater protection on an open network.
- A laptop just for business travel: This may not be possible for all travelers or companies, but a laptop used solely for travel, with the minimum amount of data needed for each trip, offers an advantageous way to limit access to sensitive information.
Used collectively and consistently, this toolbox of solutions can help provide important safeguards for data privacy across devices and throughout the business trip.
About the Author
Rebecca Herold (FIP, CISSP, CISA, CISM, CIPT, CIPM, CIPP/US, FLMI) is CEO and founder of The Privacy Professor consultancy, established in 2004. She is also co-founder and president of SIMBUS, LLC, an information security, privacy, technology and compliance management cloud service for organizations of all sizes, in all industries, in all locations, founded in 2014. Rebecca is a privacy consultant for 3M and receives compensation in connection with her participation as a 3M Privacy Consultant.
 Cisco Annual Visual Networking Index Forecast, 2017