According to studies, seventy percent of business travellers have fallen victim to cyberattacks. This comes as security insiders warn that business people remain prime prey for cybercriminals seeking out confidential data.
With business travel growing by almost a fifth over the past year, experts have highlighted the risks of travellers following poor cybersecurity protocols, skipping secure passwords, and lacking proper cybersecurity education.
For example, the application security SaaS company Indusface has recently revealed the top cybersecurity risks for business travellers and how to protect company data on the road.
These tips are:
Unsecured Wi-Fi networks
One of the most common ways company data is put at risk is through employees connecting to unsecured wireless fidelity (Wi-Fi) spots whilst travelling.
Public Wi-Fi networks are often not encrypted, so any data sent or received is unprotected against unauthorized users. Alongside this, cybercriminals are clued in on the desperation many travellers experience when without Wi-Fi, leading to many creating honeypot hotspots where hackers create fake networks to collect company data.
Cafes, restaurants (25 percent), airports (23 percent), and hotels (20 percent) are the most common locations where personal information is compromised.
Venky Sundar, Founder and President of Indusface, tells Digital Journal: “The first port of call for businesses is to create policies that outline the protocols for public wifi usage, with requirements for complete avoidance or VPN usage. Ensure employees turn off auto-connect wifi settings too. Alternatively, business-funded mobile networks for hot-spotting will help deter public wifi connections for employees in a pinch.”
Device theft or loss
With 16 percent of business travellers planning to combine a business trip with a holiday this year, it is paramount to stay vigilant at all times. 80 percent of travellers have lost, forgotten, or had something stolen from them when they travel, but only 40 percent ever get their items back.
This prompts Sundar to indicate: “Effective ways to limit the risk of loss and theft is to implement clear policies on secure handling of business equipment when travelling and encourage employees to keep tech close at all times in secure luggage and hand luggage rather than checked bags. Companies can also invest in smart luggage and remote device management which allows the quick wiping of devices in the event of a loss.”
Unsecured mobile apps
Business travellers often rely on their mobiles when traveling for convenience and when using personal phones for business they may disregard the security of their apps. This includes messaging services that are not end-to-end encrypted, meaning messages both personal and for business are at risk.
As such, Sundar ponders: “Mobile app penetration testing is invaluable here, assessment of the security of mobile applications by simulating attacks helps identify vulnerabilities. Carrying out this testing is key to ensuring sensitive data is not at risk.”
Fake charging stations
Fake charging stations or juice jacking is a form of cyberattack where a device is plugged into a public USB charging port that a criminal has tampered with, once a device is plugged in, data is stolen, or malware is installed. This is particularly prevalent in airports, coffee shops, and on public transport, all places business travellers frequent.
Commenting on this, Sundar finds: “USB data blockers are inexpensive but a great solution to stop the data transfer between the device and the charging port. Investing in software security will help add another layer of defence if desperation hits. Alternatively, business travellers would benefit from a portable charger that can keep their tech going when away from the office.”
Shared or publicly accessible devices
Shared devices are a significant security risk wherever you are but sometimes they are unavoidable especially when travelling. From saved passwords and browsing history to stolen identity and bank details, sharing devices opens up a multitude of risks.
Hence, says Sundar: “Typically employees should avoid sharing devices at all times to limit the security risk, where unavoidable ensure to never save passwords, create separate accounts, and avoid using the device for sensitive material.”
