As the landscape of business has changed so, have travel needs and expectations. In today’s world, employees are traveling more than ever for work and have developed the need to carry business critical devices while traveling on personal time. When it comes to employee and device security, there’s a natural concern regarding the protection of data that may be in possession of the employee, ie: mobile phones, laptops, tables and more. A solid information security plan should incorporate a blend of technical controls as well as policy and procedure. Your policy will naturally reflect your level of risk acceptance as well as the business operations – an organization with proprietary information to protect will have much stronger controls than others.
At Intrinium, we like to separate our operational security into two categories, domestic and international travel but, also personal vs. work travel.
When traveling domestically:
- Only connect your devices to trusted networks. Most public wireless offerings are built for availability rather than confidentiality and are “open” connections. If you can, use a cell phone hotspot or if you must connect, utilize your VPN and avoid connecting to important sites.
- If possible, utilize privacy screens on your cell phone and laptop. Most people just cannot help but look at your screen if it is nearby, and you may find yourself unwillingly disclosing sensitive information.
- If you are traveling for personal use, just shut your email and other work applications off. You are “Out of the Office”, anyways!
If you are traveling internationally, you may need to bring your tinfoil hat! The US State Department has warned American citizens about traveling to certain areas without taking extra precautions. Some of the risks associated include physical theft as well as device compromise.
When traveling internationally:
- Do not connect to any network that is not highly trusted. In fact, leave any non-essential devices at home, and keep essential devices powered off or in airplane mode whenever possible. In particular, leave Bluetooth off!
- For the essential devices that you do bring, do not let them out of your sight in high-risk countries. Even in your hotel, if you have sensitive or confidential information to protect, assume that if you are separated from your device it can be compromised.
- For the truly risk-averse, we recommend the DEFCON treatment. Bring burner devices and/or take backups prior to your trip and then destroy/restore as appropriate. This includes items like your smart watch as well.
If you are not sure of the appropriate measures to take, we strongly recommend that you check with your information security team prior to departing on trips. They will most likely want to know if you are not working/from where so that any activity from your accounts can be monitored as appropriate. If you require help building these policies, please do not hesitate to reach out to Intrinium for assistance.
Finally, a personal tip – stay hydrated on your flights! Bringing water bottles are a life saver for me.