< Back to listing

Posted 15 juillet 2019

99% of European companies consider business travel essential to their development[1]. Going abroad on a business trip is one of the most common tasks of a mobile employee. Whether it is a short stay in a neighboring country, or a long trip to the other side of the world, the confidentiality and integrity of the data exchanged and stored on your devices is at risk. As a representative of your company, you have information that may interest your suppliers, contractors, competitors, and foreign intelligence agencies. According to Carlson Wagonlit Travel, only 19% of French business travelers say they are certain they do not jeopardize their company’s data during their business trip compared to 35% worldwide. To avoid unpleasant surprises, it is important to anticipate protecting this data before leaving on a business trip.

Image removed.

Cyber security abroad: who is concerned?

Virtually, everyone.

Even if you believe that you are not carrying trade secrets, your smartphone may still contain information of interest to hackers. Sometimes, their attempts are highly targeted: they look for specific profiles who take a business trip to host a conference, attend a tradeshow, or meet partners and potential customers. Sometimes, hacking is purely opportunistic. A simple negligence can allow access to a host of information hackers could use against you.

link

What are the best practices to limit risks?

Of course, everything depends on the country. While risks are (a little) lower in most democratic countries, caution should still be exercised.

 

While clearing customs

Certain countries may be suspicious or curious. Customs officers may ask to access your device more or less imperatively.

To limit risks, it is recommended that you keep data and applications to a minimum on your device. You can download your applications and data once past this first step using a secure synchronization or sharing solution recommended by your company, which will allow you to safely retrieve your work documents.

 

Beware of Wifi connections

Keep in mind that connections in public places (coffee shops, train stations, airports and public transportation, hotels and restaurants) offer no guarantee for your confidentiality. Even worse, they can be used to access your smartphone remotely. You should favor a mobile data plan, which can be bought on the spot and used in a dual SIM smartphone, or provided by your French operator through a specific subscription.

 

Read also: Wifi: are you really well protected?

 

Do not trust anybody

Once abroad, exercising caution should remain the rule. In certain countries, hotel rooms may be searched without notice and without prior permission. As such, employees with significant responsibilities are those most likely to be targeted. Once a smartphone is identified, it can be attacked using various techniques (applications, Internet links, Wi-Fi or Bluetooth connections) in order to access stored data, exchanged communications, as well as geolocation information, and even the camera and microphone. Your smartphone then spies on all of your actions without your knowledge.

 

Read also: How to raise employee awareness and reduce digital risks

 

Segregate your data

To limit risks, ideally, use a device dedicated to your mission abroad: a computer and a smartphone containing no other information than strictly necessary to perform your work abroad. This helps with protecting sensitive data by leaving the equipment you use daily in your home country. Before you leave on your trip, you can also mark your smartphone with a distinctive sign (a sticker, a small discrete scratch, a custom case) to ensure no exchange took place during the trip. When you return, hand over your equipment to IT for testing, to ensure the equipment has not been tampered with, before resetting and recirculating it.

 

Keep your smartphone with you at all times

As much as possible, never leave your smartphone unattended. Do not trust hotel safes and if you have no other options, turn off your phone, remove the SIM card and battery, and keep them with you or store them in various places. A precaution that is not absolute, but sufficient enough to discourage criminals attempting to physically attack your smartphone.

 

Read also: Which ANSSI Recommendations and Certifications CISOs should know about?

 

Avoid public charging stations

In certain public places, hotels or conference centers, stations are available for travelers to recharge their devices. As tempting as it may be, this is to be avoided at all costs. Just as you should never use a USB stick offered as a gift, do not connect your smartphone to this type of station either. Indeed, it is the most direct way to access your data. These stations can then copy your documents or install malicious software without your knowledge. Always take your charger and only plug it into a power outlet.

 

Get the best mobile security solutions

Finally, last (and most effective) solution: encryption, a security tool that encrypts all of your phone’s incoming and outgoing calls. A secure connection ensures that transmitted and received data is real, secure and uncompromised. If, despite all your precautions, hackers manage to intercept your data, they would only obtain a sequence of codes that would be impossible for them to decipher.

Encryption applies to all communications on your smartphone. Videoconferencing, instant messaging, cloud file storage… never use consumer solutions such as Skype, WhatsApp and Google Drive when you are abroad. Instead, use only solutions that are protected and encrypted, provided by your employer.

 

Read also: Securing mobile communications: Why choose a B2B solution rather than a B2C solution?

 

A trip abroad is usually a good time for an employee. It provides a break from daily routine, the opportunity to discover a new country and a new culture. We take a step back from our normal activity, we change pace, and at the same time, we tend to lower our vigilance. This is exactly what cybercriminals expect. So, enjoy your stay without jeopardizing your company’s information.

link

[1] 2019 Business Trip European Barometer

11