by Graeme G Cunynghame (November 2015)
Traveling the world tops many people’s wish lists and for those in business, it is becoming part of doing business globally. It is estimated there are around 100,000 airline flights a day in the world. As Australian companies embrace globalization, travel is increasing in range and frequency which exposes workers to greater risks. This trend heightens the corporate liability of employers, who have a legal, judiciary and moral duty-of-care for their employees.
Business travellers should take measures to ensure not only the safety and security of themselves but also their business information while travelling overseas. Away from the familiar surroundings, overseas workers or business travellers may encounter precarious environments, presenting increased and unfamiliar threats to their health, safety and security. In the current global security circumstances, you or your firm may be a target of another country’s efforts to obtain information or technologies in order to increase their market share, build economies, or modernise their military. According to the FBI, some of the more overt targeting methods use by countries seeking to obtain information include luggage searches at airports, extensive questioning, and the unnecessary inspection and downloading of information from laptop computers.
Communication While Overseas
Your ability to reliably communicate is critical. Mobile telephones, laptop computers and tablets are the devices we are most likely to utilise while travelling overseas. There have been reported instances of laptop computers being compromised by government sponsored hackers within 30 minutes of the arrival of the traveller at a certain Asian destination. Communication devices can be critical in maintaining interaction with people who can assist in the event of a crisis. Alternatively, we could communicate through facilities offered at your accommodation, or by using Internet cafes and so on. However, such facilities may not be reliable or there when you need them.
According to the Australian Government Cybersecurity Operations Centre, it is important that all updates, patches, encryption and antivirus software are correctly installed and up-to-date. It is also advisable to remove any programs or applications not required as this type of software can be utilised as a gateway into your hardware. It’s also advisable to remove all non-essential data from a device. It may also be an advantage to disable any feature or software that is not required for the trip. The less software on a device, the smaller the opportunity to exploit the system and gain access to the device through software vulnerabilities. Disable Bluetooth and wireless capabilities and the ability to automatically join a network. You do not want your device inadvertently connecting to untrusted networks. Do not connect to open Wi-Fi networks for business purposes. It is recommended you communicate wirelessly through secure networks (e.g. virtual private network).
Were possible, avoid using web-based email services such as Gmail, Hotmail or Yahoo for business purposes as this might increase the security risk of unauthorised disclosure of information through unauthorised access to the account. Using webmail accounts for work purposes makes recipients more likely to accept social engineering mail as business-related. Importantly, clear your web browser after each use. This includes deleting the history files, cache, cookies, URL and temporary Internet files.
It is also important to ensure you use strong passwords. A password should be either a long simple password (12 alphabetical characters) or a complex password (at least 9 characters with a combination of upper and lowercase characters, numbers and symbols). A password should not be written down or stored with the device. For devices such as a smart phones or tablets, enable the short automatic screen lock, after which the password will automatically need to be re-entered. Always keep in mind that your device screen can be photographed while in use. It has been demonstrated by a U.S. University, that a photograph taken from the top of a high-rise building of a set of house keys sitting on a table at a coffee shop at ground level, could be used to facilitate the manufacture of a set of duplicate keys.
Backup your data before you travel! While you are travelling, it is important to maintain physical control over your devices. It is advisable to keep your device in your position at all times and not trust hotels or other services to provide physical protection of your communication or storage devices. It is not advisable to check your devices in as luggage, but carry them with you as hand luggage at all times. Avoid connecting USB devices such as an iPhone, iPod, and portable storage devices, or playing illegitimate CDs and DVDs unless you are confident they are uncompromised. Be particularly cautious of gifted USB devices, CDs or DVDs as they are an easy method to distribute malicious software.
If your device was taken out of your position for any reason or left in your hotel room for an extended period of time, particularly if you have travelled in a high-risk country, it would be a worthwhile exercise to check the device for any malicious software or evidence of compromise. Furthermore, change your passwords upon return from overseas travel. The undermentioned tips are by no means exhaustive but may be useful in promoting some thought about security when travelling overseas.
Tips before traveling:
- familiarise yourself with local laws and customs
- Plan your wardrobe – travel light
- Make copies of your passport, airline ticket, drivers license and credit cards. Keep a copy of each at home.
- Do not take unnecessary identification or credit cards in case they are stolen. Obtain travellers cheques if needed.
- Establish points of contact for your family to contact you in the event of an emergency.
- Take any necessary medications
- Obtain specific pre-travel country risk assessments (travel secure website – register for email updates)
- Sanitise your laptop, telephone etc, prior to travel – if not needed don’t take it.
- Clean out your voice mail.
Tips while traveling:
- Protect your passport at all times
- Be courteous and cooperative
- Use authorised taxis booked through accommodation booking services (fake taxis used for kidnappings)
- Beware of theft (e.g. sleeping compartments on trains)
- Do not invite strangers into your room
- Avoid travelling alone
- Do not leave drinks unattended
- Avoid long waits in lobbies and terminals (e.g. pickpockets, thieves and violent offenders especially in airports)
- Closely monitor bags passing through x-ray machines – someone else may target them while you are distracted
- If you are arrested for any reason – notify the nearest Australian embassy or consulate
- Beware of new acquaintances who probed for information
- Avoid any actions that are illegal, improper or indiscreet
- Keep a low profile and shun publicity, dress appropriately and avoid wearing items of clothing that will draw attention
- Be very aware of your surroundings (e.g. are you under surveillance)
- Take care using ATMs, particularly at night – preferably go into a bank to increase safety
- If anyone grabs you (kidnapping) make a scene then and there – yell, kick and try and get away, avoid going to second location
- If you become the victim of a robbery, don’t put up a fight – comply with the demands of the offender. Avoid carrying what you cannot afford to loose.
- Do not over share information during day-to-day conversations (e.g. financial problems, emotional issues, etc)
- Beware that your conversations may not be private or secure (e.g. Electronic eavesdropping)
- Do not leave electronic devices unattended. If a device is stolen report to an Australian Embassy or Consulate.
- Do not allow foreign electronic storage devices to be connected to your computer or phone
- Always advise a friend, work associate or relative of your schedule and whereabouts and report regularly.
- Do not carry items that do not belong to you as you alone will be responsible for the contents of your baggage.
- Be aware of the risks of HIV or other transmittable diseases – avoid ear piercing, acupuncture, tattooing or dental work.
- Be aware of some medications sold in Australia may potentially be illegal overseas
- If you are carrying prescription medicine, ensure you have a copy of a doctor issued prescription with you.
- If carrying syringes, ensure you have a copy of a letter signed by a doctor outlining the need for the syringes.
In most countries, you have no expectation of privacy in Internet cafes, hotels, airplanes, officers or public spaces. All information sent electronically can be intercepted, especially wireless communications. Security services and criminals can track your movements using your mobile phone and can turn on the microphone in your device even when you think it is turned off. Cyber criminals from numerous countries buy and sell stolen financial information including credit card data and login credentials (usernames and passwords). According to the FBI, during the Beijing Olympics, hotels were required to install software so law enforcement could monitor the Internet activity of hotel guests.
A strong travel security program not only meets a company’s legal and ethical responsibilities, but it also promotes employee well-being, business continually planning and reduce costs or expenses such as medical care according to International SOS. Responsibilities for developing an integrated risk management strategy cannot be delegated or outsourced and to ignore this issue is to ignore legal, commercial, judiciary and social responsibilities according to a recent International SOS White Paper “Duty of Care of Employers for Protecting International Assignees, their Dependents, and International Business Travelers”. Safe traveling its still a wonderful world.