People are more likely to take cybersecurity risks when traveling for business than for pleasure, finds the 2019 Travel Cybersecurity Study commissioned by IBM Security.
More than an IT issue, these days cybersecurity is everyone’s responsibility. Every email, every public Wi-Fi network, every free charging station is a potentially catastrophic encounter, and business travelers are particularly vulnerable. They are also surprisingly lax when it comes to even the most basic of precautions. A recent survey commissioned by IBM Security found that while traveling, “more than 70% of Americans have connected to public wi-fi, charged a device using a public USB station or enabled auto-connect on their devices.” This might not be surprising, but what is startling is that the survey found people were more likely to engage in this type of risky behavior when traveling for work.
With such potentially devastating consequences, how do you get your travelers to take cybersecurity seriously? Education is essential, says Travel Leaders’ Chief Information Security Officer Max Goldfarb. During his time at Travel Leaders, he has worked closely with the Compliance team to implement a robust information security and compliance training program for employees. “While many companies treat this type of training as a once-a-year event, usually with some boring slideshow, we push out three to five mandatory interactive training modules to everyone every quarter,” says Goldfarb. “We then follow-up our communications and training with phishing campaigns to measure the effectiveness of our training.” In addition, every week or two Goldfarb and his team send out security alert emails with examples of the latest phishing and other cyber threats they are seeing.
In some ways, getting employees on board with security protocols is very similar to getting them to comply with your travel policies. It all comes down to good communication.
Teaching your employees about cybersecurity is essential, whether they’re in the office or on the road. But how do you keep the information from going in one ear and out the other? In some ways, it’s very similar to getting them on board with your travel policies. It all comes down to good communication. Employees need to understand why the policies have been put in place and how they benefit. Employees who understand the consequences of a data breach are more likely to take security seriously, the same way as travelers who understand how booking out of network affects departmental revenue (and by extension, their bonuses) are more likely to comply with their company’s travel policies.
No one wants to be the person who cost their company millions of dollars because they downloaded malware or entered their credentials into a malicious website. No company wants to make headlines for leaking customers’ personal data. If you haven’t already, now’s the time to institute regular cybersecurity awareness training for your employees. Some things are too important to wait.
Cybersecurity Tips for Business Travelers
Twenty-year technology veteran Max Goldfarb, Travel Leaders’ Chief Information Security Officer, knows a thing or two about cybersecurity. Here are his top tips for keeping your data safe while on the road.
- Never expect privacy when traveling. Always assume that any information you send electronically can be intercepted and whatever digital information you have on your smartphone, tablet or laptop is at risk of being stolen.
- Avoid bringing unnecessary electronics with you; especially those containing sensitive information.
- Never leave your electronics unattended — that includes not leaving them in a hotel room safe.
- If you do have to bring electronics with you, make sure they are encrypted, up to date, have antivirus/antimalware software installed and the firewall is enabled.
- Subscribe to a reputable VPN service to keep your connection secure for when you do need to connect to the internet.
- When it comes to digital security and traveling, a large dose of paranoia is very healthy.