When employees travel, the company data they have access to does too. Laptops, tablets, phones and other smart devices are targets for data thieves. A well-managed travel policy mitigates these threats for traveling employees and reduces risk to their employers.
But travel managers need to understand how and why these risks occur before they can take steps to address the larger issues at hand. As serious as cybersecurity is in this day and age, travel managers are far from helpless when it comes to preventing data breaches and identity theft.
Protecting data in unfamiliar places
Duty of care is all about protecting and supporting employees who travel for work. These days, part of that mission includes the security of any company data that corporate travelers possess or access when they're on the move.
Whether they're traveling around the U.S. or visiting foreign countries, travelers may be exposed to digital environments that are prone to data breaches. Use of public Wi-Fi, for instance, could increase the risk of data theft and identity fraud. And what about if a traveler's device, including all locally stored proprietary information, is lost or stolen?
Companies may prefer that employees keep important data in a secure cloud environment rather than in physical storage. Likewise, a policy may also include guidelines regarding the use of public Wi-Fi, perhaps requiring travelers to always log in to a mobile virtual proxy network (VPN).
Taking company data abroad
When traveling abroad, employees risk data breaches not only from individual bad actors but also governments. In an article from Computer World, consumer technology expert Mike Elgan cautioned managers about the risks involved with random searches at international airports. In certain areas of the world, travelers may be asked to open their smartphones and allow airport security to look through the content. Without a travel policy that addresses this reality, businesses leave travelers to make such decisions alone, which could prove risky. What should your employees do in this exact situation? How should they prepare for it?
Elgan suggested implementing a "travel mode" on all employee devices that suspends access to the device's locally stored or cloud-accessible data. That way, if border agents prompt travelers to unlock their phones, company data as well as the traveler will remain safe. After all, even the employees won't have access to the data while the device is in travel mode.
Maintaining device cleanliness
Mitigating the risk of fraud begins with the travel policy, which may include guidelines for how to "sanitize" devices prior to a trip. In this case, sanitization refers to the process of eliminating sensitive data from the device's hard drive. This is especially important for workers who travel frequently and often work from the road. Additionally, updating firmware and enterprise apps can keep bad actors from gaining access to sensitive data.
Not only are these travel-related fraud risks numerous, but they are also hard to manage. After all, data thieves don't want to be caught, and employees might not notice a breach until it's too late. We live in a world where almost everyone has a smartphone, and these devices are in constant use. Performing basic device maintenance, such as updating firmware and apps, makes it more difficult for cybercriminals to exploit security gaps and steal company data.
At the end of the day, there's a lot for travel managers to consider as they manage risks and refine their travel policies. For more information on how to develop a policy that reduces risk throughout the travel program, contact Direct Travel.
