Cybersecurity Tips for International Travel
Good cybersecurity practices should never end when an employee needs to travel internationally. If anything, the employee needs to increase his or her cybersecurity awareness because the risks of data loss or theft can increase when an employee leaves the jurisdiction of the United States.
International cybersecurity risks are more than just random crimes of opportunity. In 2014, for example, the Kaspersky Lab security firm uncovered an organized cyberattack effort that it dubbed “DarkHotel”, which appeared to target executives who stayed at luxury hotels while traveling in Asia. The attack placed malware on executives’ laptops when they logged into the hotel Wi-Fi. The malware siphoned data from the executives’ computers over a period of time, and certain signature elements of the cyberattack pointed to nation-state support.
Knowing this, an international traveler needs to take added precautions with data and device security:
Avoid Free Wi-Fi and Turn Off Bluetooth Connectivity
A security research firm recently disclosed that common vulnerabilities in Bluetooth-enabled devices can allow hackers to hijack data and communications on those devices. A company’s employees should likewise be well aware of the risks associated with free Wi-Fi services. Given that the DarkHotel hackers relied on Wi-Fi logins in international hotels to spread malware, international travelers should take extra care with Bluetooth and Wi-Fi connections.
Know the Local Laws and Rules
Data privacy and other rules that offer some protection within U.S. borders will likely not apply once an employee crosses the border. Security personnel in a foreign country might seize laptops and other electronic devices that harbor sensitive data, or demand encryption keys in order to read secure data. Some countries ban data encryption, and may require individuals to report confidential information received from foreign travelers. Again, as implied in the DarkHotel hacking case, foreign nation-states have been under suspicion of supporting hacking efforts. If local rules and laws indicate that foreign security personnel have a right to review data on an electronic device, that data should be removed before an employee goes overseas.
Establish a Protocol for Theft of Laptops and Devices
One recent study revealed that, by the end of 2016, one laptop was being stolen every 53 seconds, and that 80 percent of the cost of a stolen laptop flows from a subsequent data breach facilitated by data on that laptop. The risk of losing a laptop or electronic device to theft increases exponentially with international travel. At a minimum, international travelers should use remote-wipe mechanisms that can remove some or all information from stolen computers.
Practice Common Sense Privacy
Privacy screens that keep curious onlookers from seeing device displays, virtual private networks (VPNs) for communications with employer networks, and physical device locks all improve the cybersecurity of an international traveler. Confirm that all software and applications are fully up to date on all computers and devices that will be used during international travel. Employing multiple privacy and security mechanisms at the same time will prevent opportunistic cyberthieves from trying to steal data or devices.
Control Damage with a Cyber Protection Policy
Realize that, regardless of the defenses and protections placed on an international traveler’s devices or an employer’s network, not every data breach will be prevented. A company can recover a substantial portion of its direct losses and limit downtime with reimbursement from a cyber protection policy. If customer data is lost in the breach, a cyber protection policy can also cover liabilities that a company might face from third parties whose confidential and proprietary information has been compromised. That policy can also cover regulatory fines imposed on account of a business’s failure to properly protect customer data.