I spend a lot of time traveling for business (my family may say too much time), but in this day and age of globalization, travel is part of the business world. On one of my recent plane rides, I saw an incident that inspired me to share my thoughts with fellow business travelers.
Passenger A was sitting two seats ahead of me across the aisle, writing a PowerPoint presentation and checking his email – nothing inspiring about that. However, Passenger B, seated directly in front of me, kept leaning over to get a closer look at the laptop screen of Passenger A. As traveling workers, we have a responsibility to secure our company’s hardware and data. The first step in that process is to understand that security is an ongoing task, and engaging in a healthy sense of paranoia isn’t necessarily a bad thing.
Here are some basic tips that may help you as you look over your shoulder every time you fire up your mobile device or laptop in a public place.
1. Keep your screen private. Start with a basic privacy protection screen on your laptop monitor. Privacy filters are a relatively cheap way to protect from prying eyes.
2. Use caution with public Wi-Fi. With the increase of Wi-Fi on airplanes and the convenience it provides, you should treat it as insecure public access and connect to your company or personal data using privacy protection mechanisms such as a VPN connection. Working at 30,000 feet does not give any better protection than logging in from Starbucks.
3. ‘Working offline’ is not as secure as you think. If your plane does not have Wi-Fi access but you decide to work on your laptop in ‘offline’ mode, remember to disable your Bluetooth connection. Bored hackers on flights will see whose machines they can connect to.
4. Beware of hotel Wi-Fi. At a hotel, be sure to use VPN access whenever possible to ensure your communications are secure. You never know who is watching, and remember that the Wi-Fi connection that says “Hilton Honors” does not actually mean it is secure. Carry a secure MiFi device with you and use it.
5. Assume the public cloud isn’t secure. If you have Find My iPhone capability on your device, make sure you set it up before you need it – otherwise, it’s too late. I recently dropped my cell phone, and it was a huge bonus to be able to locate it quickly. The sense of panic at the thought of losing my connection to the outside world and all my personal contacts was similar to taking a roller coaster ride without the seatbelt. Use of personal devices leads to additional challenges, as recently highlighted by celebrities’ personal photos being shared publicly. Assume your cloud sharing via devices is insecure. Whatever data you share in your personal cloud, such as iCloud, Google Drive, or Dropbox, all of it is vulnerable to targeted attacks. Secure all data utilizing complex passwords or phrases and ensure confidential data is not left permanently in the cloud.
6. Ensure that data is secure, regardless of location. As evidenced by the NSA/Edward Snowden leak, identity management is not the most reliable data security strategy anymore. Instead, companies should look at ways to ensure that the data itself is encrypted using integrated rights management technology. This ensures that the data is protected no matter who tries to access it — and even if the worst-case scenario happens and data is stolen, it can be revoked or wiped clean remotely.
7. Keep private conversations confidential. I am amazed at the number of people who have private conversations on planes, at airports, or in hotel lobbies. One real-life example I experienced was a few years ago on a return trip from a customer visit. I was at the airport, and a competitor’s sales rep was on the phone telling his boss how he had just visited the same customer. He then went on to tell his boss the entire sales strategy, including the bid price they were proposing. Treat every conversation as though your competitor is sitting next to you.
8. Always back up. Provide a secure, regular backup solution for all corporate data wherever it resides, independent of device.
9. Consider mobile device management (MDM). Many organizations are utilizing MDM technologies to wipe devices if lost. This is a great way to remove all data; however, unless implemented correctly, it can result in company-critical information being wiped also. If you have an effective backup solution, that may not be an issue, but a large percentage of corporate and personal data is not backed up, which means it could be lost permanently.
10. Enforce complex password policies. Multi-factor authentication is recommended for all work machines to ensure that in the event of a lost device, its data is protected. Utilize either complex passwords or phrases – complete sentences are ideal.
Traveling for business will never be completely free of annoyances: flights will be delayed, meetings will run on too long, and hotel rooms will not fail to disappoint. But worrying about the safety of your company’s data shouldn’t be an item on that list, and thanks to current technologies and basic common sense, it doesn’t have to be.
By Daren Glenister, Field CTO, Intralinks
Glenister has 20 years of experience in security, software and customer relationship. Prior to joining the Intralinks team, he held the position of vice president of technical sales of the security division at CA Technologies.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.