How to keep travellers from falling into the traps of cyber crooks

By John Schofield

They’re lurking in the online shadows, ready to pounce on unsuspecting business travellers.

They are cyber crooks who steal sensitive corporate data from smartphones, tablets and laptops. And they could cost your company big bucks: According to a recent report by mobile security software firm Lookout and the Ponemon Institute, a Michigan-based think tank dedicated to data security, the economic loss from a mobile data breach can soar as high as $25 million when reputational damage, lost business and regulatory penalties are accounted for.

Christopher Taylor, a Washington, DC, computer security consultant who spoke earlier this year at an Association of Corporate Travel Executives (ACTE) education forum in Toronto, says business travellers are a prime target for one main reason: complacency. In one study he cites, three out of 10 people were likely to click on an unsafe website link on their smartphones, compared to one in 10 people using their home computer.

One ongoing threat, which security researchers have dubbed DarkHotel, targets specific executives staying at luxury hotels. The hackers upload malware to the hotel’s network before the guest arrives. When the executive signs on, they try to dupe the person into downloading the malware using a pop-up for a phony software update. Travellers are also vulnerable to hackers at airports, coffee shops and almost any other public facility.

“This is a big deal and it affects everyone, so business travellers need to be very careful,” says Taylor. “You need to understand you’re in a hostile environment and be protected.”

Be Cyber Smart

Mobile data security experts recommend these tips to stay safe:

• Encrypt the data on your devices using security software. “Things get lost or stolen, left behind in taxi cabs,” says Michael Argast, director, business strategy, with Vancouver-based TELUS Security. “Encryption helps secure your data on these devices even if they’re lost.”

• Use strong passwords to reinforce encryption, adds Argast—not only for laptops, tablets and phones, but for removable media such as USB keys and portable hard drives. Password manage­ment software such as KeePass or LastPass can help.

• Avoid open Wi-Fi networks and use only encrypted Wi-Fi net­works. Make sure the network name is the one provided by the hotel, and not a dummy network set up by hackers.

• Use a virtual private network (VPN) provided by your company or subscribe to one to ensure that all traffic from your phone, tablet or laptop to the Internet is encrypted. Leading subscription VPN services include Private Internet Access (PIA), AirVPN and NordVPN.

• Understand the difference between real emails and phishing emails designed to trick you into downloading malware. Be wary anytime an email asks you to click on a link in the email. Also watch out for event-related targeted emails before, during and after travelling to a scheduled event.

• Be careful of conference giveaways like hardware or software, which may contain malware.

• Back up your data, and keep your devices with you at all times.