Travelers – especially in the corporate sector – are connected to the web and other digital platforms through electronic devices more than ever before. But while such advances in technology have helped individuals and businesses stay in touch, methods around ensuring people, hardware and their work remain secure have become increasingly important. Here are ten simple – and sometimes obvious, but often forgotten – ways to stay protected.
1. Be discreet in public.
Sure, this seems like a no-brainer, but you’d be surprised at how often employees discuss sensitive or confidential information in public. Sales associates generally have the best stories about attending conferences and overhearing competitors’ discussions about sensitive accounts and confidential business initiatives. Likewise, avoid viewing sensitive information via laptop or PDA which can make that information vulnerable to shoulder surfers. If you must view private material in a public space, consider using a privacy filter over the laptop screen for extra security.
Remember, thieves can’t steal what you don’t have. Make time to take an inventory of what’s on your laptop and transfer sensitive, confidential data to the company’s secure central server or a thumb drive that may be stored safely at home or at work until you return. If you are required to carry sensitive information with you, consider utilizing an encrypted thumb drive and storing the information securely.
3. Make sure your electronic devices are “travel ready”.
Once you’ve removed non-essential files and information from your laptop or PDA, make sure that it is as secure as possible. Disable all file-sharing, peer-to-peer communications, and vulnerable ports. Laptops should be encrypted and protected with strong passwords. Remote connections should be set to automatically disconnect after a certain period of inactivity.
Keep in mind, the company security policy doesn’t change just because you are traveling, so don’t attempt “work arounds” by disabling the required security settings. Difficulties should be brought to the IT department’s attention for assistance.
4. Never leave sensitive information in your rental car or an unattended hotel room.
The story of a stolen laptop left unattended in a car is quickly becoming a cliché, so avoid joining the club by carrying your laptop with you at all times. If you wish to leave your laptop in the hotel, be sure to put it in your room safe. Or, if the safe is not large enough, consult hotel management and arrange for storage in a centralized main safe or secure holding area. Locking your laptop in your hotel room – no matter how smart a hiding place you contrive – creates needless exposure and worry.
5. Avoid using open Wi-Fi hotspots.
Wireless communications has greatly improved the functionality of the business traveler. That being said, using the free Wi-Fi at the coffee shop most likely means your data is transmitted over open airwaves, making it easy to pick up by an uninvited party. If your company provides you with VPN access, use it. Otherwise, set your computer default to require your authority before connecting to a new network. Avoid open networks, and look for a fully deployed Wi-Fi Protected Access (WPA) network, which affords a higher level of security.
6. Make sure the network is encrypted with WPA2
Ideally, you’ll want to use hotel WiFi connections only if they’re encrypted with WPA2. How can you tell this? Usually, when connecting to any encrypted network, you have to enter the password for it in your wireless network settings, in which case your software may identify if a network is encrypted by WEP, WPA or WPA2 encryption. If in doubt, ask the front desk or contact technical support for the connection. Only use WEP if you desperately need the Internet and have no other option. You may also want to confirm with the hotel before you book that it uses a reputable Internet service provider — some of the more well-known ones include AT&T and iBahn. However, many times the hotel’s Wi-Fi connection will be made to look like the hotel brand so you will not know who it is from. Also, an attacker may create rogue wireless networks and web sites which mimic the legitimate ones. So, if in doubt, ask the front desk or contact technical support for the connection. If you’re accessing your company’s network, do it through VPN (virtual private network) if possible. Ask your IT department how to do this.
7. Use public computers at your own risk.
Public computers, like those found in a hotel’s business center, can contain “keylogger” spyware, which records every keystroke including passwords and account information. Key loggers make it possible for an identity thief to steal any information entered into the computer during your session. Conducting important company (or personal) business on a public computer also increases your vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe what you are doing and, more importantly, collect the sensitive data you’re entering.
8. Beware of pre texting calls.
Pre texting, or social engineering calls, have becoming extremely popular with scammers, so much so that many hotels now post warnings to hotel guests not to provide their personal information, particularly credit card information, over the phone. Generally the front desk already has this information on file and has no need to call you for it. If you do get a call, ask for the person’s name and call back to the front desk yourself to verify.
9. Make sure you fully understand your company’s travel policy.
Many companies have a risk-management policy for traveling employees. This may include rules about what types of information can or cannot be transported via electronic or paper files. Additionally, it’s important to know procedures in the event that information is lost or stolen on a business trip. Lots of companies provide training and technical support for their traveling employees so they know exactly what’s expected of them. If yours doesn’t, it might be a good idea to inquire what kind of support is available, as well as whether or not your company has an incident response plan.
10. When it comes time to pay, consider your options.
Many organizations reimburse travelers after the fact for incidentals, requiring the employee to turn in receipts and expense reports, but how you pay for these things is generally left up to you. From an identity theft standpoint, the safest route is using credit cards. It’s safer than cash in the event that your wallet or purse is stolen, and unlike debit cards, you are protected against fraudulent charges – many credit cards have a zero liability policy. With debit cards, you don’t always have this kind of protection. Plus, debit cards are tied directly to your bank account, and it can be more time consuming to resolve fraudulent purchases.
11. What’s in your wallet?
Before you hit the road, make photocopies of the personal material in your wallet: driver’s license, credit cards, insurance cards, etc. – front and back – and store those copies in a safe place at home. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place. Furthermore, someone at home can always send you the duplicate information you need to get you back to where you want to be — home.