Businesses face increased cyber security risks when their employees travel. Company travellers are prime targets for cybercriminals. They often carry valuable data and may not always be careful about securing their devices. In this article, we will discuss key cyber security exposures for business travellers and outline a few cyber security tips that organisations can do to minimise these risks.
Cyber Security Threats While Travelling
Smartphones, tablets and laptops are particularly susceptible to data breaches, loss and theft. Some common cyber threats that business travellers may come across are:
- Unsecured wi-fi networks. Public wi-fi networks are unsecured and they can allow cyber criminals easier access to connected devices (as well as the information stored on them) than private wi-fi networks.
- Publicly accessible computers. Using your own login credentials on public computers is a significant cyber risk. Public devices often lack sufficient security and may already be infected with malware.
- Lost devices. Theft or loss of your device is a major threat to businesses. It can result in the theft of important data including personal data you are responsible for. Devices could be lost or stolen in busier places such as train stations and airports, you could also accidentally leave them behind in hotels, conference rooms or taxis.
How Employers Can Minimise The Risk
Ignoring cyber security when employees are travelling can be detrimental to a business. Data breaches can have devastating consequences. Including lost or stolen sensitive information, business downtime resulting in lost revenue, reputational damage and fees under the General Data Protection Regulation.
But there are some measures employers can put in place to minimise cyber security risks for business travellers. Follow these cyber security tips to protect your business:
- Have a business wi-fi policy. Organisations should have policies in place requiring employees to confirm the network name and precise login procedures with the appropriate staff before connecting to public wi-fi networks in airports or hotels. Some business activities, such as banking or confidential work-related projects, should not be conducted on public wi-fi networks. You should also ensure that devices are configured so that they do not automatically connect to wi-fi networks.
- Provide physical security training for digital assets. It’s common for travellers to let their guards down once they arrive at their destination, but this can be the time for an opportunist theft. Companies should provide business travellers training to ensure they never leave their devices unattended. Employees should be reminded of company policies to utilise strong passwords or multifactor authentication capabilities and lock devices in hotel safes upon leaving their rooms.
- Pack only the essentials. Businesses should ensure employees travelling leave unnecessary technology at home which will reduce the chance of theft loss and only take those that are essential for their role.
- Mandatory company policies on software updates. Cybercriminals typically look for security flaws in outdated software. Updates are sent out to patch any flaws in the software and reduce the opportunity for cybercriminals to attack. Employees should be required to update the software on all their devices regularly.
- Have a company response plan. Organisations should have response plans for all eventualities in their business including cyber risks. They should outline the steps to take when devices containing confidential information are compromised, lost or stolen during business travel. This should include the reporting requirements to the ICO.
With all of our devices, we are often carrying sensitive personal data but when you have a work device this also includes work-related data. Having this data means that you can be vulnerable to cyber-attacks. However, by ensuring you have the company policies and training in place your employees will take the proper precautions while travelling and help keep devices and data secure.
Contact our specialist cyber insurance team today to find out how a cyber insurance policy could protect you and your business.