For business travelers going to foreign lands, the old “Don’t leave home without it” slogan should be brought back with one slight change: “Leave home without it.”
Computers, mobile phones and any other electronic devices that contain personal or business information are at risk of data theft. Thieves in many countries are known for stealing data at rest in hotel rooms and safes, and en route to a destination. Travelers who have any personal or business data on their devices would be wise to use a disposable phone or device with no sensitive information on it. If you must have a computer or even a spiral notebook with company data in it, keep it in your possession at all times.
Even when en route to your destination, you need to be aware of cyber scams. Cybercriminals create fake Wi-Fi spots in airports, hotels and other public places, as well as on airplanes. Users often think they are using an authentic Wi-Fi access, but they are really using a phony one that has a similar name to their location. For example, if the authentic Wi-Fi is named “O’hare Airport,” the fake one might be “Chicago Airport.” There are also “evil twin” Wi-Fi networks that cybercriminals set up that may have the same name as the authentic Wi-Fi network but the key to the network shown on the user’s computer will link a computer to the hacker’s. Be sure to get the key to the network directly from the establishment so you don’t become a victim to this scam.
Although you don’t know who and where the good guys and bad guys are, there are some countries where you are more likely to be hacked than others. In Russia and China, for example, you can’t even enter the country with an encrypted device unless you have permission from their governments. According to a New York Times story, in 2010, China stole information from four U.S. Chamber of Commerce Asia policy experts who frequented China. The chamber later barred employees from taking devices with them to certain countries. Representative Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said its members could bring only “clean” devices to China and forbade connecting to the government’s network while abroad. He said he traveled “electronically naked” and told the Daily Caller, “The threat from nation state cyber hackers is growing by the day.”
Scott Aken, a former FBI agent who specialized in counterintelligence and computer intrusion, told the Times, “The Chinese are very good at covering their tracks. In most cases, companies don’t realize they’ve been burned until years later when a foreign competitor puts out their very same product — only they’re making it 30 percent cheaper.”
China is not the only country that travelers should be wary of. The former top counterintelligence official in the office of the director of national intelligence, Joel F. Brenner, told the Times, “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated.”
If you travel to foreign countries and need a device with you, be sure to purchase a new phone that has not connected to and does not connect to your organization’s network, as information could get stored on the device. If a thief hacks a device of yours that has previously connected to your network, the thief could also compromise your network.
Cyber Security Travel Tips
- If you must bring a laptop or mobile device with you overseas, be sure it has been wiped and only has the applications you need. Then, never let it out of your site as spies can retrieve your devices from hotel rooms and hotel safes.
- Don’t email sensitive information over any device.
- Switch off Bluetooth, Wi-Fi, the microphone and camera as threat actors could be watching or listening to you via your computer.
- Bring a disposable phone with you or buy one in the country you are visiting, and do not send emails containing sensitive information as they could be intercepted.
- Do not allow foreign electronic storage devices to be connected to your computer or phone as they may contain malware.
- If you bring a presentation on a flash drive and it is shared on a host computer, be sure there are no other files on the drive and destroy it after the presentation. The flash drive could pick up malware and migrate to your computer.
- Be wary of using your hotel’s wireless network or any wireless network as they can be compromised.
- If you must email, set up a new email account for overseas travel.
- Beware of phishing scams from foreign security pretending to be someone you know asking for sensitive information.
- Do not access personal financial accounts when traveling unless you are at your company office with a secured network.
- Set up new passwords just before you leave for your trip and change them just after you return.
Jeff Multz is Director of Midmarket North America at Dell SecureWorks. Dell SecureWorks, a global information services security company, helps organizations of all sizes reduce risk, improve regulatory compliance and lower their IT security costs. [email protected].