Hardly a week goes by these days without some kind of headline in the media about cybersecurity and data breaches, with some of the biggest names in the travel industry falling victim to cybercriminals hacking into their systems and stealing
sensitive client data.
Apart from the obvious disruption, the consequences can be severe. Both British Airways and Marriott International were given huge fines (£183 million and £99 million respectively) by the Information Commissioner’s Office, the UK’s data
security regulator, for their respective data breaches. The fines were the first to be levied by the regulator as part of the European Union’s new General Data Protection Regulation (GDPR), which has tightened the rules on the use and protection of
As cybercriminals become ever more sophisticated in the way they try to penetrate organizations’ networks and websites, business travelers now find themselves on the front line in the battle to keep data safe. Ironically, as business travel itself unerringly moves towards becoming more ‘seamless’ and convenient, with constantly available Wi-Fi on tap to allow working on the move, the potential risks of cyber breaches become exponentially higher. The challenge is made all the greater by today’s ubiquitous ‘connected’ devices, including smartphones, tablets, laptops, smartwatches, and a plethora of other options.
Fortunately, there are simple steps that organizations and their travelers can take to substantially reduce the risks of potential cyber breaches while they are traveling. Here are some of the main risk areas for business travelers and what they can do to mitigate them:
Beware of public Wi-Fi
Most travelers naturally want to be online as much as possible during work trips, but using unsecured and unencrypted Wi-Fi networks carries a serious security risk – particularly in public areas such as cafes, lounges, airports and even hotels or meeting venues. One way to reduce this risk is by using a virtual private network (VPN), which creates a secure password-protected connection to public open Wi-Fi networks.
Change device settings
Travelers should make sure their devices are locked by using a passcode or fingerprint ID and should also consider changing their passcodes and passwords regularly for all their devices when traveling. Other good practices include not allowing any devices to automatically connect to new Wi-Fi networks and disabling Bluetooth as much as possible.
Keep systems up-to-date
Employers should make sure that any company devices are updated with the latest operating systems and anti-virus software updates. It’s worth noting that some high-profile incidents have only affected organizations whose systems did not have the latest upgrades. All updates should be carried out before leaving the office; it’s not advisable to download any software onto devices when traveling.
Take data precautions
Security specialists urge business travelers to only store data that they will actually need during the immediate trip on their devices so that, if the worst should happen, as little as possible will be compromised. Some IT departments will also loan ‘clean’ laptops and/or smartphones for employees to take with them to further reduce the risk of having data stolen.
Avoid shared devices
Logging into any accounts on a shared computer should be avoided (unless it is absolutely essential) because doing so makes it much easier for criminals to steal information. If these public devices have to be used, then two-step authentication should be used when logging in.
Cybersecurity incidents can often arise from what happens in the real world. For example, if a traveler leaves their printed airline ticket or trip itinerary on the aircraft or in a hotel room, that could give a fraudster access to valuable data, including the traveler’s Passenger Name Record. Travelers should also be aware when having conversations in hotel lobbies that a criminal could be listening in, either in-person or through eavesdropping equipment. Leaving any devices in a hotel room also carries an obvious security risk, so keep them with you or use the safe.
Preparation is essential, so IT and security departments should be keeping travelers updated on the latest tactics that are being used by cybercriminals. One particularly effective technique is phishing, where a fraudster pretends to be a legitimate contact or colleague as a way of breaching security and getting the traveler to helpfully provide a ‘lost’ password or download some malicious software. Phishing is becoming more sophisticated, with criminals often using SMS messages while a traveler is abroad, so any suspicious and/or unsolicited texts should be deleted immediately – particularly if they contain any links (a sure warning sign).
It’s also good practice to make sure all mobile devices taken on a trip are clear of any malicious software when returning to the office. IT departments can and should quickly determine if devices have a clean bill of health or if they have been compromised by malware and take appropriate action. This can lead to surprises, as travelers often have no idea when or how their devices have been infected.
While cybercrime makes the headlines and becoming a victim is a scary thought, most of these steps are simple, cost-free common-sense measures for organizations and their business travelers to deploy. It’s mostly a case of making sure you follow a few practical steps to reduce exposure to potential breaches while traveling and raising awareness of the latest techniques that cybercriminals may try. Knowledge, as they say, is empowering.