Movies and TV shows often suggest travel is glamorous, especially for those in business, where it means first class and five star accommodations. The real world is far more mundane and even those with security clearance will wait in some TSA checkpoint line with everyone else. About the only benefit for most seasoned road warriors is that they travel enough that they wait in a shorter line and get a few more upgrades and perks along the way.
Unlike holiday travelers, those who jet set for work – whether in the corporate world or government sector – often need to carry sensitive information. That means they need to make security an element of their travel plans. Even if you’re not traveling for the CIA, thinking like a spy may be a great way to keep yourself safe on the road.
First, forget the martinis – shaken or stirred – and in almost all cases leave the tuxedo at home. Instead, think about how to protect your data.
“Traveling with sensitive information is complicated on several levels,” warned AviramJenik, CEO and founder of Beyond Security.
Keep Calm and Carry On (Without the Laptop)
Several Middle East air carriers have instituted laptop bans in the main cabin for flights headed to the United States, and some European carriers could follow suit over concerns that a laptop could be used to hack into a plane’s onboard systems. This has presented issues for travelers, as it means laptops may have to be in checked luggage, where the devices could be lost, stolen, or hacked themselves.
“Whenever a device you own leaves your side, it can be subject to unauthorized access that could result in the theft of data or the device getting infected with malware or spyware,” Tony Anscombe, global security evangelist at security firm ESET, told ClearanceJobs. “The introduction of an infected USB key to the machine could result in keylogging or malicious code being loaded for use at a later time.”
For these reasons a laptop should never be allowed to travel in checked luggage if there is sensitive information. Jenik describes the situation like traveling with cash – which most wouldn’t leave in checked baggage either.
“Which one of us has not had his or her luggage lost when flying,” Jenik pondered.
Hidden compartments won’t help either; not in a day and age when all luggage is routinely x-rayed. Instead remove all sensitive data from the computer and consider keeping it on a portable hard drive that is encrypted and can still be brought into the main cabin.
Travelers could also have a special “travel” laptop that is light on most sensitive data but heavy on encryption.
“Many travelers who go regularly to the Far East will have two sets of laptops/phones. One for traveling – not containing any sensitive info – and another which is for day to day use,” Jenik told ClearanceJobs.
“If someone steals the device they may be able to reload/reset it, but access to what was encrypted means that your data and settings remain safe,” Anscombe added. “And if you have to check the computer, seal the device in a tamper evident bag;so you will at least know if anyone has attempted to or accessed the device while it was out of your possession.”
Other Threat Vectors
Travelers should be wary of leaving electronics unattended in their hotel rooms, too.
“Anytime the laptop is left unattended –even for a few minutes in a hotel room – there is the possibility of an adversary breaking into the room to steal the data,” said Jenik. “This isn’t much different than the pre-computing days when a competitor may have broken into your hotel room to make a photocopy of your quote so that they can under-bid you.”
Don’t trust those hotel safes either – few are truly robust.
“Hotel safes are not secure enough to store confidential information. They should be seen as a deterrent to a passing thief as opposed to a secure vault,” Anscombe told ClearanceJobs. “They can be easily and quickly opened by the hotel staff at the front desk and by any thief that has the unlock code or master key.”
It isn’t just when the device may be out of sight that is an issue. Travelers should know that many devices can still be hacked or otherwise accessed by simply connecting to the wrong network.
“When you are on the road you may be on an insecure Wi-Fi network,” explained Jenik, and that can result in malware or other nefarious software being installed on a device. “This malware stays with you, and when you return to your office enables your attacker to potentially gain access to your corporate network from your infected laptop, smartphone or tablet.”
Unfortunately encryption does not help here, since the malware will be running on the operating system itself.
For these reasons it may be a good idea to have a travel machine that is “air gapped” from all other devices – and any files that are transferred from this device should be screened by an IT pro.
Ditch the Non Essentials
If the trip is for business there is no reason for travelers to check in on Facebook or other social media. A device can all too often be a gateway to personal information, which can allow hackers to “social engineer” someone or determine passwords.
Email programs including Outlook shouldn’t be kept on the device. It is safer in most cases to logon to email remotely, clearing passwords and links prior to shutting down. Or keep information on a portable hard drive or even encrypted USB thumb drive that is small enough to be kept in a pocket or purse at all times – again reducing what is actually on the laptop.
Other files could be accessed from the cloud if proper security measures are taken. This goes back to making sure Wi-Fi is actually secure and private.
“Keeping data in the cloud works best when secured with two factor authentication and encryption,” said Anscombe. “In theory, accessing this data is then only reliant on there being an internet connection and a device. If the cloud sounds too risky then store all your data on an external drive and carry it with you in hand luggage, as there are currently no limitations on devices the size of a smartphone.”
Then there is always the old fashioned way to take sensitive data. Carry printouts and shred or burn what isn’t needed any more.
“Ironically, a paper trail is now back to being the most secure form of data,” said Jenik.
After all this, maybe the martini will be needed after all.
