Cybersecurity Tips for Business Travelers

I recently received an email from someone claiming to be from CNN, wanting to do a segment on cyber security for business travelers. They asked for some bullet points that tech-savvy travelers may be able to follow to protect themselves. I threw together some points that are common crime trends, or that I normally think about when travelling.

I am assuming the main concern is some type of hacking or data theft. I'm assuming some technical capability in my (general) recommendations below, and skipping some obvious pointers.

• Coordinate an OFFLINE authentication system with your secretary or work, and use this authentication token any time you are talking about money transfers or bank details. Common threat now - hackers know when you travel and use the confusion to defraud the company.
• The company should be running a VPN that works over ports 443 and/or port 80.
• Attempt to understand common cyber threats (and their cause) in the country - are you vulnerable to local attacks?
• Attempt to use systems that are NOT commonly used in the destination country. Target systems in Korea: Windows, IE, Android. Avoid these and your chances of being compromised are much lower. (Linux Live CD/USB is easy to use)
  
• Do you need to bring all of your work data with you? Can you copy only required documents to the system that you bring with you (threat minimization)? Wipe out the systems when you come back home.
• Same as above for phones / mobile devices.
  
• For business systems incl. phones, use full drive encryption and remote wipe capabilities (don't mess with location tracking services).
• Use a procedure for backing up all your data that always requires two-factor authentication - no remembered logins (if 'cloud-based').
• Be aware of how locals use credit cards. If they don't trust using cards in their country/city, you probably shouldn't either. In countries where point of sale (POS) attacks are trending, use cash.
  
• If possible (and trust-worthy) it may be better to use a local anti-virus while you are in the country.
• Try to avoid accessing sensitive information over the internet. If not using a VPN, prefer mobile broadband. If all else fails, at least make sure a local wireless connection is using encryption.
• Manually set your DNS to a trusted server.
  

These are some of the things I am thinking about on business trips abroad.

Cyber security abroad is really about common sense, and should not be that much different than cyber security at home. Try not to put sensitive information in risky situations, and if you have to, at least try to protect it (trusted VPNs, etc).

Photo by Yuri Samoiliv