Hardly a week goes by these days without some kind of headline in the media about cybersecurity and data breaches, with some of the biggest names in the travel industry falling victim to cybercriminals hacking into their systems and stealing
sensitive client data.
Apart from the obvious disruption, the consequences can be severe. Both British Airways and Marriott International were given huge fines (£183 million and £99 million respectively) by the Information Commissioner’s Office, the UK’s data
security regulator, for their respective data breaches. The fines were the first to be levied by the regulator as part of the European Union’s new General Data Protection Regulation (GDPR), which has tightened the rules on the use and protection of
As cybercriminals become ever more sophisticated in the way they try to penetrate organisations’ networks and websites, business travellers now find themselves on the front line in the battle to keep data safe. Ironically, as business travel itself unerringly moves towards becoming more ‘seamless’ and convenient, with constantly available Wi-Fi on tap to allow working on the move, the potential risks of cyber breaches become exponentially higher. The challenge is made all the greater by today’s ubiquitous ‘connected’ devices, including smartphones, tablets, laptops, smartwatches, and a plethora of other options.
Fortunately, there are simple steps that organisations and their travellers can take to substantially reduce the risks of potential cyber breaches while they are travelling. Here are some of the main risk areas for business travellers and what they can do to mitigate them:
Beware of public Wi-Fi
Most travellers naturally want to be online as much as possible during work trips, but using unsecured and unencrypted Wi-Fi networks carries a serious security risk – particularly in public areas such as cafes, lounges, airports and even hotels or meeting venues. One way to reduce this risk is by using a virtual private network (VPN), which creates a secure password-protected connection to public open Wi-Fi networks.
Change device settings
Travellers should make sure their devices are locked by using a passcode or fingerprint ID and should also consider changing their passcodes and passwords regularly for all their devices when travelling. Other good practices include not allowing any devices to automatically connect to new Wi-Fi networks and disabling Bluetooth as much as possible.
Keep systems up-to-date
Employers should make sure that any company devices are updated with the latest operating systems and anti-virus software updates. It’s worth noting that some high-profile incidents have only affected organisations whose systems did not have the latest upgrades. All updates should be carried out before leaving the office; it’s not advisable to download any software onto devices when travelling.
Take data precautions
Security specialists urge business travellers to only store data that they will actually need during the immediate trip on their devices so that, if the worst should happen, as little as possible will be compromised. Some IT departments will also loan ‘clean’ laptops and/or smartphones for employees to take with them to further reduce the risk of having data stolen.
Avoid shared devices
Logging into any accounts on a shared computer should be avoided (unless it is absolutely essential) because doing so makes it much easier for criminals to steal information. If these public devices have to be used, then two-step authentication should be used when logging in.
Cybersecurity incidents can often arise from what happens in the real world. For example, if a traveller leaves their printed airline ticket or trip itinerary on the aircraft or in a hotel room, that could give a fraudster access to valuable data, including the traveller’s Passenger Name Record. Travellers should also be aware when having conversations in hotel lobbies that a criminal could be listening in, either in-person or through eavesdropping equipment. Leaving any devices in a hotel room also carries an obvious security risk, so keep them with you or use the safe.
Preparation is essential, so IT and security departments should be keeping travellers updated on the latest tactics that are being used by cybercriminals. One particularly effective technique is phishing, where a fraudster pretends to be a legitimate contact or colleague as a way of breaching security and getting the traveller to helpfully provide a ‘lost’ password or download some malicious software. Phishing is becoming more sophisticated, with criminals often using SMS messages while a traveller is abroad, so any suspicious and/or unsolicited texts should be deleted immediately – particularly if they contain any links (a sure warning sign).
It’s also good practice to make sure all mobile devices taken on a trip are clear of any malicious software when returning to the office. IT departments can and should quickly determine if devices have a clean bill of health or if they have been compromised by malware and take appropriate action. This can lead to surprises, as travellers often have no idea when or how their devices have been infected.
While cybercrime makes the headlines and becoming a victim is a scary thought, most of these steps are simple, cost-free common-sense measures for organisations and their business travellers to deploy. It’s mostly a case of making sure you follow a few practical steps to reduce exposure to potential breaches while travelling and raising awareness of the latest techniques that cybercriminals may try. Knowledge, as they say, is empowering.