Unplugged: Tips for Traveling Abroad Securely
July 14, 2016
Jobs that require regular travel are commonplace in today’s modern world. Many employees are asked to travel to different countries, whether it's because of office expansion, to attend a conference, or report on a particular event. As such, it is critical for businesses to be aware of risks their employees may run into when traveling, particularly in regards to the security of their endpoint devices.
There are many stresses in advance of a trip and more often than not, we are jamming our cell phones, laptops, and tablets into our bags 'just in case' instead of considering the risks to our corporate data and privacy.
Here's what many employees don't know: when taken abroad, mobile electronic devices may be subject to local laws, including inspection and seizure. At all international borders, the contents of any device may be examined, and when devices are encrypted, significant penalties may be enforced if encryption keys are not provided.
As a general recommendation, we suggest not crossing borders with corporate or personal devices including mobile phones, laptops and tablets, that hold confidential company information that could harm the business or other critical interests if disclosed to the host country. This should be kept top of mind when travelling to countries where:
- There is strong industrial and/or nation-state competition
- The country is not on friendly terms with your home country
- There is significant civil unrest, political discord, crime and or violence
However, it is understandable that employees may not be able to afford that workaround. If carrying a device with confidential information is essential to your travel needs, consider the following recommendations in order to protect yourself, your electronic devices and your organization while travelling abroad:
- If practical, use a temporary device such as a freshly-built laptop and/or a prepaid "throw away" cell phone purchased specifically for travel. As an added protective measure, wipe the devices clean before travel.
- Backup any information from your device before the trip.
- Cover internal laptop cameras.
- If you must take your electronic device(s) with you, only include information that you will need for your travel.
- When not in use, turn off the device(s). Do allow them to be in "sleep" or "hibernation" mode when they are not in active use.
- Use strong passwords (including complex phrases, symbols and capitalization) to protect your devices. This will not be effective at border crossings, but may protect you from future access or surveillance attempts.
- Minimize the data contained on the device. This is particularly true of logins, passwords, credit card information, social security numbers, passport numbers, etc.
- Assume that anything you do on the device, particularly over the Internet, will be intercepted. In some cases, encrypted data may be decrypted.
- Never use shared computers in cyber cafes, public areas, hotel business centers, or send corporate data on devices belonging to other travelers, colleagues, or friends.
- Do not complete any financial transactions or upload a corporate document to a shared folder from a public Wi-Fi zone.
- Keep the device(s) with you at all times during your travel. Do not assume they will be safe in your hotel room or in the hotel's safe.
- If you used your own device, reformat its hard drive and reinstall the operating system and any other related software, upon your return home.
- Change any and all passwords you may have used abroad.
If your organization requires more information relating to the security risks of employee travel, please feel free to contact one of our security specialists.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia). For more information, visit www.herjavecgroup.com.