Answer

How to protect sensitive data when executives travel abroad

I read recently that high-profile corporate executives traveling overseas have become an increasingly attractive target for malicious hackers. Can you give some recommendations on how to protect sensitive data when execs travel, especially without inconveniencing them?

    Requires Free Membership to View

Ask the expert!

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Unfortunately, there is little an enterprise can do to protect data without inconveniencing traveling executives. This Internet Crime Complaint Center advisory specifically indicates insecure software update mechanisms being used to exploit travelers abroad, but there are many other ways for attackers to steal data from international users. Anyone traveling with sensitive data should be concerned about the valid threat of theft, so enterprises and users should do some prior planning to reduce the risk.

Enterprises can put into place security controls that protect data while users are traveling. The specific controls depend on the type of data being accessed, the travel destination and the resources available for security. The easiest way to protect data is to deploy a new secure laptop and to reformat and revalidate the hardware upon the executive's return. This process, used by Kenneth G. Lieberthal when he travels to China and documented in a New York Times article, addresses significant security requirements but is likely not reasonable for most organizations.

So how can companies reasonably protect sensitive data? Travelers should probably wait until they return from a trip before installing updates or making significant changes to their systems, but they may still need to access sensitive data while doing business internationally. Users can travel with just a tablet that doesn't store any sensitive data.

Enterprises should definitely have users inspect their hardware for planted recording devices or hardware keyloggers before use and change their password before leaving and upon return (or use two-factor authentication). Changing a password on a known secure device is important in case someone captured the password by shoulder surfing or other means.

Enterprises could also reasonably instruct travelers to use secure connections to access the minimum data necessary. Unless personal devices are as secure as the corporate devices, travelers should be wary of their privacy and the potential access their personal devices might give to corporate data. Any data stored on a device going abroad should be encrypted, but be aware that some countries might require travelers to hand over the data or allow them to search a computer. Human rights organizations should take additional steps to ensure the security of their data.

This was first published in November 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: