Every day thousands of business travellers arrive at their destination searching for the “free Wi-Fi” sign so that they can stay in touch. What most people don’t realise is this creates an excellent opportunity for the cyber criminals to get their hands on your personal information and sensitive corporate data. We are all familiar with some high profile hacks – Sony and Talk Talk to name just a few but there isn’t a week that goes by without another hitting the headlines. It is all too easy to see cyber security as problem only for large corporates and not something that we mere mortals have to deal with. An expression very familiar to most cyber security experts is; “why would anyone be interested in me or my information…”
If you have a device with information stored on it, and/or you send information over the internet this is exactly what the cyber criminals are looking for!
Why are cyber criminals so keen to get their hands on your information?
They want your personal details, your clients or suppliers’ details, your trade secrets, or simply a list of email addresses. All of these details are highly valuable when traded on the dark web. The value of a laptop maybe $600 but if you have confidential merger plans on the disk then the PC could be worth millions of dollars to a criminal or business rival.
Even if you think you don’t have any of this information you may still be of interest.
You may be a target as the weakest link and the way in to a more valuable target further up the supply chain.
How do they do it?
One of the most common way for hackers to steal your data is to use software to intercept the Wi-Fi network at which point they can see everything on a fellow free Wi-Fi user’s screen. They can then see all the traffic travelling to and from to extract important information.
Another popular method used by hackers is to set up rogue Wi-Fi hotspots in areas where large numbers of users are likely to be searching for a connection. These hotspots can use generic names like “free Wi-Fi” to cause trusting users to connect, at which point their personal information can be collected.
The easiest way for thieves get their hands on your data is get the device itself. Home Depot and Pfizer suffered from huge data compromise due to laptops holding confidential information that had been stolen from laptops left in the back of a taxi. A recent study found that nearly half of all executives have lost a device in the past year! It is estimated that over 2 million laptops are lost or stolen in the US each year.
It’s nearly impossible to secure against an opportunistic thief or simple forgetfulness, so it’s important to take precautionary steps..
Before you go
Back Up and save all the information on the devices that you are required to take on your trip. Think about the device you are taking and what information is on that device. Ask yourself are you travelling with data that you cannot afford to lose?
Before you travel especially if they are linked to large international events, do not post your travel plans on any social networking site. Many of the CEO email scams where scammers impersonate the CEO email to defraud the company happen while the executives are out of the country.
Protect Your Device, never pack it in the hold, or leave it on a hotel table while you grab a coffee. If you do need to leave it behind then lock it away in the hotel safe. Always pin code/ password your device. Last year a report found that 50 per cent of executives had lost their device.
Install Anti-Virus Software – There are a number of mobile device security software solutions available. Install on all your devices for added protection. Disable Bluetooth access. When you allow access to a device via Bluetooth connection, once connected this connection stays open and data can flow freely with very little or no user c confirmation. How often have you connected your phone to the Bluetooth in a hire care, when you connect your phone you can see details of the previous which if still in range would enable access to their data.
** Do Not Use Public Wi-Fi**
Public Wi-Fi networks are available everywhere these days. The traveller should use with extreme caution as they are often poorly protected and easily imitated by cyber criminals who set up their own “hotel” networks. The names of Wi-Fi networks are manually created so anyone can set up using any network name. Criminals might set up a network called “official hotel Wi-Fi”. Once you click and connect to the scammers rogue network they have their hands on all of your data. Always verify with the hotel, café, airport lounge etc. that you are connecting to the official network and check that it has the padlock sign in the top bar. If possible avoid using any public network.
Don’t Use Shared Computers. Often hotel lobby’s will have some shared computers with internet access. You have no idea how safe the network is so again avoid using wherever possible. Don’t Do Any Financial/Sensitive Transactions. Take extra precautions whilst connecting to Wi-Fi. Do not send any financial information or business critical information whilst abroad and save it until you are back in the office safely within your secure network.
When you return change all your password in case they have been stolen. Look out for any suspicious emails.
When the unthinkable happens – What to do if your data is lost whilst travelling
- Assess – What has happened, what is the potential impact?
- If your laptop has been stolen with company data on then; if it was password protected, encrypted and you have the ability to track and remote ‘wipe’ the disk then you are probably in a reasonable position. The cost will be a new laptop not a new career.
- Conversely if you had sent your corporate takeover plans to Dropbox, uploaded them onto your personal un-protected iPad and lost that then the significance of loss is much higher.
- Inform – Relevant people about what has happened.
- Depending on what has been lost this could be your IT department, management, bank, customers, suppliers, partners, police, insurance firm and potentially shareholders.
- Forward looking firms have a policy explaining what to do in this situation with contact and help points. The main point is to make sure relevant people are aware and so can help make the right decisions to minimize the consequences of loss.
- Remediate – Resolve the problem as quickly and effectively as possible
- Change your passwords immediately. This may help prevent criminals accessing your emails and sensitive information.
- Disable the lost device if possible and wipe data from it. Track it and keep law enforcement and your IT department informed.
- If you think banking/financial information may be compromised then inform your bank and accounts department.
- Monitor activity. It may be useful to explain to customers/suppliers what has happened so they can monitor too. An all too common fraud is to imitate a CFO and give customers new bank account details to send their payments to.
- Replace compromised, lost equipment
- Review policies and ensure they are communicated and enforced
Losing information whilst travelling be very worrying, the main thing is not to panic. Having a clear understanding of how to protect yourself helps significantly to reduce this and the likelihood of loss in the first place.
The most important tool in the battle against the cyber criminals is awareness. Training is crucial in helping people to understand what the issues are, what is at stake and the simple steps they can take to drastically reduce the risk.
Develop a cyber security culture that becomes a part of everyday corporate life whether in the office or on the road.