With small and fast laptops, powerful smartphones, tablets and readily available Wi-Fi, working on the road – on planes, in airports and hotel rooms – has never been easier. But security experts say these conveniences also make the offices away from home more vulnerable to serious security threats.
“It’s a huge, huge issue for companies and employees and growing more each day,” said Bruce McIndoe, president of iJET Intelligent Risk Systems, a travel risk management company. “It’s a ripe environment for hackers and criminals.”
A report released recently by Symantec Corp., a security software provider, and the Ponemon Institute, a privacy and information management research firm, found that data breaches showed no sign of levelling off and were increasingly costly.
“As business travellers, we’re on the road so much, we psychologically forget that we’re in public,” said Ben Knieff, head of product marketing for fraud at NICE Actimize, a company that focuses on financial crimes in the financial services industry.
Knieff recalled how he was recently boarding a plane and overheard an executive speaking loudly on a cellphone as he booked a hotel, revealing all of his credit card information, including the security code.
Laptops and mobile devices have numerous vulnerabilities, starting with loss and theft. McAfee, a security technology company, also noted, in a report in February, a 46 per cent increase in the amount of malware created for mobile devices from 2009 to 2010. To limit exposure of particularly sensitive information, some companies switch mobile devices when employees travel, McIndoe said.
“Older versions could be more vulnerable,” he said, as criminals have had time to learn how to hack them.
And criminal access to mobile networks may be easier in certain foreign countries, due to lax security and corruption.
Michael Malin, executive vice president of Mandiant, an information security company, suggested hiding mobile devices when they are unattended.
“We’ve all seen maids leave hotel room doors open with service carts,” he said.
Someone could easily enter the room and “infect a computer or extract sensitive data,” he said.
“We’re seeing the use of social networks to gather publicly available information on targets,” he added.
Posting photographs and travel plans can jeopardize personal safety and sensitive business negotiations, experts said.
Publicly shared computers at hotels and Internet cafes “are probably the riskiest,” Knieff said. “Anyone can walk in and sit down.”
Even printing boarding passes can be dangerous.
“Don’t leave them in public trash cans either. Anytime you leave data about yourself in a public place, it creates opportunities,” Knieff said.
Debit card data skimming has also been rising sharply, particularly in Europe and parts of Asia, Knieff said. He recommended that travellers report their plans to their banks. When using ATMs, travellers should look for signs of tampering and use machines only at banks, preferably in protected areas.
“I travel to Southeast Asia frequently and you hear about how it is a hotbed for credit card fraud,” said Bryndon Bay, president of Mel Bay Publications, a music publishing company, in Pacific, Missouri, who relies on his iPad and iPhone on the road.
Both are locked and protected with secure passwords.
“I never go to places where I have to enter frequent-flier numbers, credit card information, or any personal data,” he said, ‘`and I always clear off history after I finish because I don’t trust who may go on after me.
“I just feel I use common sense and it works for me,” Bay said.
Robert Hamilton, senior product marketing manager for Symantec, recommended avoiding free public Wi-Fi.
“Some look like legitimate hot spots, but they are set up by criminals,” frequently at airport terminals.
If using a wireless connection, he suggested accessing it through a smartphone connection, which is much harder to hack. And at hotels, obtain an access key before using the wireless connection, he said, to ensure it is not “sponsored by the person in the room next door.”
Betsy Page Sigman, a professor of operations and information management at the McDonough School of Business at Georgetown University, said travellers attending conventions should also be aware of the risks.
“You want to be overly cautious, especially if you are around a lot of competitors,” she said.
Bob Austin, president of KoreLogic, an information security consultancy, said, “If I had a single piece of advice for a business traveller’s peace of mind, it is whole disk encryption,” he said.
Used with a robust pass phrase, similar to a password, “everything on the hard drive is protected from disclosure.” Many organizations also require their employees to use virtual private networks, which lower the risk of interception when accessing public wireless sites. The VPN sends data through an encrypted tunnel.