Organizations face heightened cybersecurity risks when their employees travel. Business travelers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices. According to research from Morning Consult on behalf of IBM Security, more than 1 in 7 travelers have had their personal information stolen on the road or abroad. Some common cyber threats business travelers may encounter include unsecured Wi-Fi networks, publicly accessible devices (e.g., hotel computers), and stolen or misplaced devices.
To minimize cybersecurity exposures for traveling employees, organizations should implement the following best practices:
- Establish Wi-Fi policies. Organizations should have policies requiring employees to confirm the network name and precise login procedures with the appropriate staff before connecting to public Wi-Fi networks in airports or hotels. Sensitive activities, such as banking or confidential work-related projects should not be conducted on public Wi-Fi networks.
- Enforce virtual private network (VPN) use. A VPN routes all online traffic through an encrypted virtual tunnel. Such a network can help reduce the risk of cyberattacks by establishing a secure connection between users and the internet. Organizations should require employees to utilize VPNs whenever possible, especially during business travel.
- Conduct physical security training for digital valuables. Organizations should encourage business travelers never to leave their devices unattended. Employees should also be instructed to utilize strong passwords or multifactor authentication capabilities (if possible) and lock devices in hotel safes upon leaving their rooms.
- Encourage employees to pack minimal devices. Leaving unnecessary technology at home can help reduce the chance of theft or data loss. As such, organizations should only permit employees to bring devices that are essential to completing their job duties on the road or abroad.
- Require regular software updates. Cybercriminals typically look for security flaws in outdated software. Updates are sent out to patch any holes in the software and reduce the opportunity for cybercriminals to attack. Employees should be required to update device software regularly.
- Establish response plans. Organizations should have specific response plans that outline steps to take when devices containing confidential information are compromised, lost, or stolen while traveling.
Business travelers often carry sensitive information on various devices, leaving them vulnerable to cyberattacks. However, taking the proper precautions while traveling can help them keep their technology and data secure.
As always, should please contact SouthGroup today for a review of your cyber policies and protections. The best defense is usually a well-prepared plan!
This Cyber Risks & Liabilities newsletter is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2022 Zywave, Inc. All rights reserved.