auremar - Fotolia
After reading about one security professional's experience of being forced to boot up and decrypt her laptop at an airport overseas, I'm concerned about traveling with sensitive data. What does this mean for those of us who do travel with corporate data on our devices and want to protect sensitive information?
Unprotected sensitive data isn't great on its own, so traveling with unprotected sensitive data is definitely inadvisable. Unless such data is protected with strong encryption or stored in an obfuscated disk image, it is best left at home.
Realistically, the traveler will eventually need to work on sensitive data while abroad and although airport personnel rarely ask to decrypt a laptop, the question is how can security professionals pass airport security without risking compromise?
An informal poll of well-traveled professionals confirms that being forced to boot up and decrypt laptop contents at international or domestic airports is very rare. Although the likelihood is very low, the impact of compromise can be significant. Some ways to better protect sensitive information while traveling abroad include:
- When possible, do not travel with sensitive data;
- Strongly encrypt the entire hard disk on the laptop with methods such as AES-256;
- Doubly encrypt sensitive data using synchronous passcodes or a PKI;
- Create a strongly encrypted disk image that requires a passcode to activate;
- Obfuscate folders that store sensitive data with names that do not draw attention;
- Perform a full backup before traveling; and
- Store sensitive data needed while traveling on a secure SFTP site or Web portal that requires two-factor authentication and VPN IPsec protection.
Airport security personnel typically are not experts in information security. These measures should be sufficient for protecting sensitive information while traveling abroad.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Learn how to protect sensitive information that resides on your laptop and how to protect corporate data from government surveillance
Dig Deeper on Data security technology and strategy
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ... Continue Reading