Security managers must be aware of their physical surroundings when they travel, but electronic devices frequently place employees and their companies at risk. To help keep devices and corporate data secure while traveling, Security Management reached out to several security experts to learn about their own travel best practices.
Do a Cleanse
Before packing your laptop, Bruce McIndoe, CEO of integrated risk management company iJET, recommends doing some device cleansing.
“That’s the first level of defense when you are getting ready to leave on a trip—slim down and remove as much data as you can,” he says.
This means assessing whether you actually need to take a laptop with you and, if so, removing all the sensitive data from it that you can. “That way if the laptop is stolen or infiltrated or lost, you’re not going to have all that data exposed,” McIndoe says.
Take the same approach with your smartphone, and pare down your USB devices to the essentials. Then make sure that all your devices are encrypted in case they are lost or stolen.
Talk to IT
After you’ve assessed what you need to take with you, it’s a good rule of thumb to check with your IT department to see if they have travel devices for you to take with you, such as travel laptops, phones, and even routers.
IT can also review with you any policies or procedures in case your devices are lost, stolen, or breached while you’re away from the office.
Take the Right Bag
When traveling, sometimes your devices are out of your sight—whether they’re tucked in your checked bag or stowed in the hotel while you’re out at dinner. This is when a zippered bank bag comes in handy, says former U.S. Secret Service Agent John Toney. He and other agents used zippered bank bags, such as an A. Rifkin bag, to store guns, electronic equipment, and anything else they wanted to keep away from prying eyes.
“When agents go en masse overseas, everyone throws their bag into the same Pelican case for customs,” says Toney, who is now senior manager of forensic technology and discovery services at Ernst & Young LLP. “That way, customs agents can scan the outer carrier but don’t get inside the bags.”
Avoid Free Wi-Fi
While a wonderful invention, Wi-Fi does come with risks, which is why McIndoe says he doesn’t connect to airport Wi-Fi or public Wi-Fi.
“What I try to do is use Gogo and AT&T hotspots,” McIndoe explains. “I can use Gogo on flights and get onto Wi-Fi only from access points that I know about.”
He also says travelers should be cautious about connecting to hotel Wi-Fi. As a precaution, consider using a VPN to access systems at work and ensure that you have an HTTPS connection. If you do access a website without an HTTPS connection, McIndoe says you should not consider that information private.
Talk to IT, Again
After you’ve returned from your trip and before you connect any of your devices to your company’s network, go talk to IT. They can scan the devices to make sure you didn’t pick up any malware while you were abroad. Many companies require employees who have been in designated countries to have their laptops scanned before connecting them to the network.
“A lot of companies have more sophisticated malware detection on the company network than on your laptop and will detect a virus that your local virus scan did not detect,” McIndoe says.