Infosec On The Go: What Do Your Road Warriors Know About Cybersecurity?
Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping]
S&R pros, how would employees and executives at your firm answer that last question? It’s an increasingly important one. Items like socks and toothbrushes can be replaced if lost or forgotten; the same can’t be said for your company’s intellectual property and sensitive information. As employees travel around the world for business and traverse through hostile countries (this includes the USA!), they present an additional point of vulnerability for your organization. Devices can be lost, stolen, or physically compromised. Employees can unwittingly connect to hostile networks, be subject to eavesdropping or wandering eyes in public areas. Employees can be targeted because they are an employee of your organization, or simply because they are a foreign business traveler.
So what to do? Rick Holland and I are conducting research now to produce a guide to security while traveling abroad. It’s going to provide guidance for S&R pros to better prepare your executives and employees for travel, including actions to take before, during, and after a trip. We’ll be looking at considerations for things like:
- OPSEC. How to determine if employees are being targeted, the pros/cons of using burner equipment, the use of privacy screens on laptops, etc.
- Tactical, configuration guidelines. For endpoint and network protection, operating under the assumption that employees are being monitored at all times.
- OSINT. How open source intelligence from publicly available sources can inform the types of guidance provided and actions to take.
- Physical security. For example, executive protection services, etc.
What do you do to help prep employees for travel? Let us know in the comments! Or if you have a program in place in your organization that addresses cybersecurity or physical security while traveling, we’d love to interview you for this report (note that all research interview participants will remain anonymous, and receive a free copy of the published report).
Safe and secure travels to all!