Many executives—particularly senior business leaders—frequently travel worldwide as part of their jobs. Hackers and cyber criminals know this, and that adds a risk factor that companies should not ignore.
“Adversaries in the form of businesses, governments and criminals target traveling business executives for the same two reasons they always have: the actual person, and information the executive has,” says Jim Jones, an associate professor in the Computer Forensics program within the Electrical and Computer Engineering Department at George Mason University.
“While physical risks have remained relatively constant, the information risks have grown exponentially,” Jones says. “Information risk used to be limited to what the executive could carry in paper form. Now, not only might the executive be carrying a library's worth of sensitive data on a collection of digital devices, but that data can be copied quickly, quietly and without the executive relinquishing possession.”
To make matters worse, those digital devices provide immediate and possibly long-term access to an organization's assets, Jones says. “Adversaries have the ability to extract unencrypted or weakly encrypted data from any device, including communications to and from those devices, and adversaries may physically modify a device to thwart even the best security and encryption,” he says.
Following are some steps companies and executives can take to enhance travel-related security.
Use extreme caution with mobile devices. This might sound obvious enough, but one of the biggest security risks involving traveling executives is the loss or theft of such devices as well as the data they hold.
A few factors make this a daunting challenge. One is that people rely heavily on their devices, and tend to want to take them wherever they go. Another is that oftentimes it’s not just a matter of one device, but several: smartphones, tablets, laptops, wearables, etc.
Some experts, such as Michael McCann, former United Nations security chief and now president of security services provider McCann Protective Services, recommend that executives leave their devices at home. This is especially true if they are traveling to China, he says. “Second best, make sure it is attached to you; never leave it anywhere,” he says.
All devices should be equipped with technology such as password protection, encryption, data backup and remote data wipe capabilities, in the event that devices go missing.
“Loss of laptops and mobile devices continues to be a significant threat, and many organizations still aren’t encrypting the data on those endpoints,” says Paul Cotter, security infrastructure architect at business and technology consulting firm West Monroe Partners. “Given the simplicity of enabling device encryption on current hardware and operating system platforms, this should be considered a bare minimum data protection requirement.”
Sign up for Computerworld eNewsletters.