Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally
Employees often face cyber attacks while they’re on travel for business, putting sensitive company data, trade secrets and intellectual property at risk.
Key Takeaways
- Geopolitical concerns and often-related cyber attacks pose a threat to businesses while employees are traveling overseas.
- Travelers must assume risk is everywhere and take the necessary precautions to avoid the breach of sensitive company information.
- Businesses should conduct regular training and debriefing sessions.
In an increasingly digital world, the threat of cyber attacks continues to grow. At the same time, geopolitical concerns are forcing firms to push cyber risk mitigation tactics to the top of their to-do lists – especially when it comes to employees traveling abroad.
According to the U.S. Federal Bureau of Investigation, corporate espionage is a serious threat for business travelers, who are often targets of threat actors or nation states working to steal sensitive company data, trade secrets and intellectual property.
“Cyber risk is omnipresent. Unlike physical security threats, indicators of information security threats are not visible. Travelers should assume cyber risk is everywhere and take the necessary precautions,” says Tom Richardson, intelligence manager, Aon GPS Special Risks. “Any company, from the largest Fortune 100 firm to an early-stage start-up, is susceptible to cyber threats when their employees travel, whether it be from a targeted attack or passive exploitation.”
Here are the top risks business travelers might face while overseas, according to the Office of the Director of the U.S. National Counterintelligence and Security Center:
- In most countries, there is no expectation of privacy in internet cafes, hotels, offices or public places. Hotel business centers and phone networks are often regularly monitored. In some countries, hotel rooms are searched.
- All information sent electronically can be intercepted. Wireless devices are especially vulnerable.
- Business traveler movements can be tracked via their mobile device. Security services and criminals can turn on the microphone in a device even when it appears off. To prevent this, remove the battery, if possible.
- Security services and criminals can insert malicious software into a device through any connection they control and can do so wirelessly as well. When travelers connect to their home server, the malware can migrate to their business, agency or home system, take inventory and then send information back to the security service or potential malicious actor.
- Malware can also be transferred to a device through USB sticks, etc. Transmitting sensitive government, personal or proprietary information from abroad is therefore risky.1
While cyber attacks happen globally, incidents are more acute in certain nation states. In these areas, extreme care should be exercised by global travelers. Many government sites, including the U.S. Department of State, the Government of Canada and the National Cyber Security Centre in the U.K., provide guidance to travelers. The U.S. State Department’s site also shares travel advisories for nearly every country in the world.
“There are so many different risk factors to consider while traveling, whether domestic or overseas,” says Catarina Kim, managing director and intel practice leader, Aon Cyber Solutions. “When traveling to a new destination or overseas, take additional precautions to protect your data by leaving personal devices in a secure location at home, taking clean corporate devices for work purposes, and using secure connections to make calls and connect to the corporate network.”
Ten Important Tips to Follow When Traveling Overseas
These tips can be included in your conversations and training sessions with employees who are scheduled to travel overseas:
- Travel light. Limit the number of devices that are carried, if possible. If a traveler needs to bring a laptop, the best protocol is to keep it completely clean of data. If a traveler needs to bring a phone, consider using a burner phone. Register the devices with your business’s security team for active monitoring while traveling.
- One in four travelers are hacked by using public WiFi while traveling abroad, on average. Avoid using public internet and charging locations/kiosks, including hotel lobbies, airports or other travel hubs. Do not leave devices unattended at any time during a trip. This includes leaving them in a hotel room or safe. Use power-charge only cables to prevent data transfer.
- If a device is confiscated – even briefly – at immigration or by a government official, notify your business’s security team as soon as possible.
- Ask a porter to provide escort to the hotel room and confirm it is vacant. Ensure all windows and doors can be locked and remain fastened when jostled.
- Meet people, including known contacts, in the hotel lobby and not in a hotel room.
- Be aware of surroundings and be mindful of repeated interactions with strangers who could be assessing potential vulnerability. If uncomfortable, enter a restaurant and contact a trusted individual to accompany the traveler back to the hotel.
- Politely refuse food and drink offered by strangers. Do not leave belongings, meals or beverages unattended, even for short periods.
- Refrain from posting on social media while traveling – specifically content pertaining to the trip and related locations or contentious local issues.
- Account for all sensitive documents (passport, identification, visa, credit cards, etc.) before departing the hotel and immediately upon completion of the trip.
- Request that your business security team scan the device used during travel upon return.
“Organizations should take the time to brief traveling employees to ensure they are properly prepared prior to their departure,” says Mark Warner, director, Aon Cyber Solutions. “Tell them: ‘Here’s what you should and shouldn’t do.’ When they return, have a conversation with them about whether they were approached, or if anything unusual happened.”
About Cyber Solutions
Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets and recover from cyber incidents.
Disclaimer
This material has been prepared for informational purposes only and should not be relied upon for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.