Most cybersecurity experts agree that about 20 percent of travelers are subject to cyber-crime when abroad
They all agree that travel puts travelers and their organizations at additional information security risk. That risk goes far beyond the cost of replacing exploited equipment to criminals accessing sensitive and confidential data through public WiFi and the installation of spyware.
Although the scale of travel-related risk varies from country to country, data-related risk transcends national borders. Nevertheless, travelers entering countries with a track record for cyber-banditry, they become easy targets for email “spoofing” - an attack methodology facilitated by stolen user IDs and passphrases (known as “credentials”). With the right software, the bad guys can covertly activate a camera, monitor emails, read stored files and steal users’ IDs.
Business travelers are often high value targets, especially those working for corporations, media, academic or government bodies. If the country being visited is not a U.S. ally, is experiencing civil unrest or has a high crime rate, the traveler is a top target for cyber-attack, cybercrime, monitoring and surveillance.
The way business travelers access the internet can also make them more vulnerable
Fake Wi-Fi spots in hotels, airports, cafes and restaurants can read and store critical data like passwords. Even hotel business centers and hard-cable internet access in hotel rooms cannot be trusted, particularly overseas. Laptops, smartphones and tablets are also susceptible to remote Bluetooth connections.
Device charging and storage also have related risks. Leaving a laptop in an empty hotel room can leave the traveler open to exploitation in countries that practice state-sponsored cyber-crime, whilst USB stations at airports may be downloading stored data.
Changing border control policies have enhanced cyber-risk too. Electronic devices are now subject to far higher levels of scrutiny than ever before. Over the last 20 years, the number of international travel departures worldwide has doubled to 1.3 billion. Many travelers from emerging countries are leaving domestic borders for the very first time.
Since 2008, U.S. Department of Homeland Security agents have been allowed to search through files on laptops, smartphones or other digital devices when you enter the country, even when there is no reasonable cause. They can keep data or the entire computer, copy what they want and share this data with other agencies, and force you to give the password if the data is encrypted. Outside the U.S. rules concerning cross-border transportation of communication devices and data vary in degree and level of enforcement.
With most travel suppliers focussing on creating ‘seamless customer experiences’, new research suggests that the more seamless the experience, the bigger the danger. In 2016 alone, there were 1,000 cyber-attacks each month on aviation systems, according to the European Aviation Safety Agency. In 2017, Latam Airlines and Ukraine’s Boryspil airport were both hit by ransomware.
In January 2018, Munich airport opened an information security hub, bringing together the airport owner’s IT specialists with European aviation experts to develop strategies and approaches to defending against cyber-attacks.
In today’s business world, cyber-risk increases exponentially as life becomes more inter-connected.
So how can travelers mitigate cyber risk?
1. Turn off or lock your phone or tablet at airport security.
2. Avoid accessing sensitive data and networks when traveling.
3. Limit remote access to your device, disable Bluetooth and Wi-Fi.
4. Create a Wi-Fi hotspot via your smartphone and use a Virtual Private Network to encrypt your data, even if it makes your connection slower.
5. Assume conference room microphones, telephones and video-conferencing equipment are compromised.
6. Take as few devices with you when you travel as possible and never leave them un-attended.
7. Charge devices by plugging a supplied power cord into a regular electrical outlet or using your own battery-powered mobile charging device.
8. If you must recharge via USB at a station, power off the device before plugging it in.
9. Do not use any device offered to you by a third party and never allow anyone e4lse to use your devices.
10. Don’t download any software onto your devices during your visit and get your IT team to check your devices post-trip
11. Assume any device screened as part of border controls has been exploited.