I read recently that high-profile corporate executives traveling overseas have become an increasingly attractive...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
target for malicious hackers. Can you give some recommendations on how to protect sensitive data when execs travel, especially without inconveniencing them?
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Unfortunately, there is little an enterprise can do to protect data without inconveniencing traveling executives. This Internet Crime Complaint Center advisory specifically indicates insecure software update mechanisms being used to exploit travelers abroad, but there are many other ways for attackers to steal data from international users. Anyone traveling with sensitive data should be concerned about the valid threat of theft, so enterprises and users should do some prior planning to reduce the risk.
Enterprises can put into place security controls that protect data while users are traveling. The specific controls depend on the type of data being accessed, the travel destination and the resources available for security. The easiest way to protect data is to deploy a new secure laptop and to reformat and revalidate the hardware upon the executive's return. This process, used by Kenneth G. Lieberthal when he travels to China and documented in a New York Times article, addresses significant security requirements but is likely not reasonable for most organizations.
So how can companies reasonably protect sensitive data? Travelers should probably wait until they return from a trip before installing updates or making significant changes to their systems, but they may still need to access sensitive data while doing business internationally. Users can travel with just a tablet that doesn't store any sensitive data.
Enterprises should definitely have users inspect their hardware for planted recording devices or hardware keyloggers before use and change their password before leaving and upon return (or use two-factor authentication). Changing a password on a known secure device is important in case someone captured the password by shoulder surfing or other means.
Enterprises could also reasonably instruct travelers to use secure connections to access the minimum data necessary. Unless personal devices are as secure as the corporate devices, travelers should be wary of their privacy and the potential access their personal devices might give to corporate data. Any data stored on a device going abroad should be encrypted, but be aware that some countries might require travelers to hand over the data or allow them to search a computer. Human rights organizations should take additional steps to ensure the security of their data.
Dig Deeper on Data Loss Prevention
Related Q&A from Nick Lewis
Vonteera adware has the ability to disable antimalware software on endpoint devices. Expert Nick Lewis explains how enterprises can prevent this ...continue reading
ModPOS, a new POS malware, compromised millions of credit card accounts in 2015. Expert Nick Lewis explains how cybercriminals use this malware and ...continue reading
Amex cards have been discovered to be vulnerable to credit card hacking. Expert Nick Lewis explains how this happens, and what can be done about Chip...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.