There is some good news for the hundreds of thousands of Microsoft Windows™ users who were victims of the WannaCry attack that encrypted their data and demanded ransom payments for decryption: Because the code behind the ransomware was full of mistakes and of low quality, some may able to regain access to their original files. Next time, though, we may not be so lucky. The hackers responsible for WannaCry and other cybercriminals will learn from their mistakes — and so should you.
Especially when traveling, there is an increased number of data security menaces you need to protect yourself against. Your laptop could be stolen at the airport, or there may be spyware on the computer in your hotel’s business center. A hacker may steal confidential corporate information while you’re using a public Wi-Fi connection, or perhaps a customs official in a country prone to corruption seizes your device.
Companies need to have policies that deal with all of the above and more so that their traveling employees can be prepared for whatever cybersecurity threat they may encounter. According to Allen Allison, chief information security officer of American Express Global Business Travel (GBT), a piece of that policy puzzle is taking the time to educate and train business travelers about how to protect their device and data while on the road.
Because sensitive information on laptops and other portable devices can be exploited by identity thieves or even used for corporate espionage, devices should have as little data as possible on it and secure encryption should be used.
Many companies also require their business travelers to keep their devices in their carry-on bag during a flight. But when the laptop ban was in place in 2017, that wasn’t possible at affected airports. To work around this, Allison says that American Express GBT had special laptops with minimal configuration and data that they have traveling employees “check out” when visiting any country currently affected by the ban.
Not even safe in the room
It’s not only at the airport where a laptop might be snatched, though. Hotels are another place where thieves like to prey.
“How often have you left your laptop in your hotel room while you go down to the lobby and have dinner?” Allison asks. “Probably, most people do that. But it would not be difficult for someone to come into the hotel room, grab your laptop and install software that can capture your keystrokes.”
To prevent this, he advises either using a strong password (not written down and never shared) and encryption on the device, or carrying your device with you at all times during your trip — even to dinner at the hotel restaurant.
Another thing about hotels: Because they typically keep credit and debit card details for the duration of the guest’s stay to cover for incidentals, they often are the target of hackers. To avoid having corporate credit cards compromised, we suggest travel managers look into using a virtual payment system. With VIRTUAL PAYMENT EXPERT powered by Conferma™, which is available to American Express GBT clients, travelers can use a highly secure, single-use virtual credit card number for their hotel charges. Once a transaction is complete, the number becomes invalid, minimizing the risk of fraud.
Beware of information theft
It’s not just their physical devices travelers need to protect. Sensitive data can be stolen from right under their noses when logging into a public Wi-Fi network that has malware installed on it. If you do use a public Wi-Fi server at the airport or at a café, Allison warns not to check anything that you wouldn’t want someone else to see, including corporate, banking and email information. Such data easily can be intercepted by a hacker and exploited for a malware attack.
You also need to be wary of the hotel’s Wi-Fi network, which may only require a room number or code to access the internet. This lack of secure encryption makes your internet usage vulnerable to spying from others sharing the network.
A couple other precautions Allison recommends for protecting data: installing an antivirus onto your device and making sure it’s up-to-date and always downloading the latest software patches (which would have prevented the spread of the WannaCry virus). He also recommends doing regular backups of your device — and backs up his own every Monday morning.
So what should you do if you do become the victim of a cyberattack? Immediately power down your laptop and report the incident to your security team, who likely will have the device sent to them so they can handle damage control.
Whatever you do, do not try to fix the problem yourself, Allison warns, noting that with WannaCry and other ransomware attacks, “the more you mess with it and the longer you delay (shutting it down), the worst the infection gets.”
Oh, and something very basic: While traveling, be sure to keep all your physical paperwork protected, too!
Allison is surprised by how “lackadaisical” passengers can be with their travel itinerary information. Several times, he’s seen documents containing private details being left behind in the pocket of an airline seat.