How to better protect your data when you’re on a business trip overseas

HG Unified

How to better protect your data when you’re on a business trip overseas
How to better protect your data when you’re on a business trip overseas by Zakir Hussain –
Director, BD soft, Country Partner of Bitdefender
Government agencies, journalists, and businesses trading in some parts of the world may find
themselves at greater risk of being spied upon than others.
You only have to keep a vague eye on the security headlines to recognise that organisations
have had information stolen from them, or their computers compromised, when their staff
have visited countries such as Russia and China.
So, what should you be doing to protect yourself better digitally if you’re travelling to a highrisk
country? Here are some tips which may help prevent hackers from accessing sensitive
government information, corporate trade secrets, journalist contacts, and… of course…
passwords which could open up a wealth of further information. Do you need to go there in
the first place?
The first question to ask yourself is this: is your journey really necessary? Not only can a longhaul
trip overseas trip have an impact on your body clock and carbon footprint, but it’s
increasingly argued that face-to-face meetings are less necessary due to advances in
teleconferencing and online meeting services.
To be fair, I think that a video conference call is never quite as good as meeting someone in
real life, forming a good relationship over a business dinner, etc… but that doesn’t mean that
it should always be necessary to have a meeting in person.
Okay, you’re going on the trip. What will you bring with you?
If possible, do not bring your regular work laptop.
Instead bring a temporary “burner” laptop or alternative computing device that you wouldn’t
be too bothered losing or having compromised. Ensure that there is no sensitive data on your
devices before you make your trip.
And it doesn’t just stop at laptops. Consider not taking your smartphone, if possible and –
again – take a “burner” device instead.
Before you leave
Ensure that your security patches and anti-virus software is up-to-date. Ideally it is wise to
ensure that latest patches and updates are in place before you leave for your trip, to reduce
the chances that anything you download has been compromised.
3NCrypt y0ur d@ta and d3v1C3s
Encrypt your devices – making sure to choose strong, hard-to-crack, unique passwords. Where
possible also enable multi-factor authentication and biometric checks to make it harder for
an attacker to gain access to your data.
When communicating – via email or instant messaging – take advantage of end-to-end
encryption when possible to prevent conversations from being intercepted.
Turn off Wi-Fi
Disable Wi-Fi and Bluetooth when travelling. If you must use Wi-Fi ensure that you have a
trusted VPN enabled which will create an encrypted tunnel for your communications.
Even using hard-wired internet access in, say, a hotel may be inadvisable. A 3G or 4G cellular
connection remains the safest option.
Keep an eye on your devices, and beware the evil maid attack
If you do take your computer or smartphone with you, never leave them unattended.
Instead, keep your devices with you, and don’t leave them in your hotel room.

So-called “evil maid” attacks see someone access your hotel room – perhaps posing as room
service – and gaining access to your laptop. A keylogger may be installed, and your laptop
returned to its normal place in your room.
Noticing nothing suspicious (and perhaps pleased to notice your mini-bar has been restocked
and your bed made) you log into your device and your password is captured. On another visit,
the “evil maid” can obtain the password, and your device could have its data decrypted or be
implanted with a rootkit.
If it’s impractical to bring your computer with you, you could consider leaving it in your
room’s safe or check it in with the hotel concierge, but this doesn’t guarantee that it still
won’t be accessed and tampered with.
Email
Talk to your IT team. They may be prepared to set you up with a temporary “burner” email
address that can be used during your trip, with messages forwarded there from your current
account. Such a system means that even if it is compromised hackers will not be able to
access older communications – which will often reveal sensitive or personal identifying
information.
Obviously, you should disable the forwarding of messages to the burner email account upon
your return!
A spy in your pocket
If you are worried that your smartphone may have been compromised, don’t just turn it off in
meetings – remove its battery! That way there is little chance that it is secretly recording
your private conversations. One of the advantages of carrying a “dumb” phone overseas it is
unlikely to have as many methods of being compromised to either steal data or spy on you.
Social media
Be careful not to announce your whereabouts on social media either intentionally or
accidentally by, for instance, uploading images containing meta data that gives away your
location.
Going home
As you leave the foreign country, make a note if your devices are inspected at the border. If
they are, you may wish to be especially wary of every connecting them to your corporate
network – be sure to inform your IT security team upon your return.
Obviously if you chose to take a “burner” device in the first place, there is less pain
associated with dumping it upon your return
Internet attacks don’t respect country borders
Finally, remember that a determined hacker won’t necessarily limit their attacks to when
you are in their country. If they want to get into your systems they may well try when you
are “safely” back in your home country as well.
Always be aware of the techniques that malicious hackers use to break into systems, ensure
you have patches and anti-virus updates in place, and your wits about you.
Attributed to – Mr. Zakir Hussain – Director, BD soft, Country Partner of Bitdefender