Are Business Travellers Putting Corporate Data at Risk?
Try these preventative security measures for keeping corporate data safe.
By Christine Wong
Thanks to smartphones, laptops and tablet computers, corporate travellers can do business anywhere, anytime—and they do. About 95 per cent of global business travellers take their smartphones on the road, according to 2012 data compiled by PC Housing, a US firm that finds temporary accommodations for corporate travellers and relocated executives. According to the same study, the average business traveller checks their mobile phone 34 times a day.
But are we sacrificing security for the sake of productivity? Today’s bring-your-own-device (BYOD) phenomenon means companies are allowing millions of employees to use their own personal mobile devices for work purposes. While this boosts convenience, it also blurs the line between personal and professional data on one device. If you’re accessing company data or networks on your personal mobile device, there’s a corporate security implication if your device gets hacked, lost or stolen.
“It’s a huge issue,” says Kevin Haley, director of security response at Symantec Corp. in Culver City, Calif. “Everybody’s got personal mobile devices and corporate data seems to be making its way onto these smartphones.”
The most obvious and immediate security risk is the potential loss or theft of the hardware itself. “I’ve noticed how incredibly liberal travellers are with leaving their laptops and mobile devices lying around in (airport and hotel) lounges,” says Michael Merrithew, chairman and CEO of Merit Travel Group in Toronto and a past board director at the Canadian Corporate Travel Association. He says few of his corporate clients express IT security concerns. Instead, business travellers want to know if the hotel has Wi-Fi, how fast and reliable it is and whether it’s free.
So what should companies do? Adopt sound mobile security technologies and practices as preventative measures—before disaster strikes their executives on the road, says Nish Bhalla, founder and CEO of Toronto-based IT firm Security Compass. (See “Security Measures” on p.56 for tools and tips.)
Bhalla urges corporate travel managers to push for the creation of BYOD policies accompanied by education and enforcement: “[Some companies] might have a policy but not communicate it, especially to non-technical staff.”
Hand out these data security tips to your business travellers.
• Don’t use public Wi-Fi networks (no, not even those upscale coffee shop ones) if you can avoid them; there’s no way to gauge how secure they are.
• Never leave your phone, laptop or tablet unattended even for a second; carry it in your pocket, purse or briefcase at all times.
• Back up data on your corporate file server, a USB key, external hard drive or cloudbased storage service like Google Drive, iCloud or Dropbox.
• Use strong passwords (combining letters, numbers, upper and lower case characters) on all your mobile devices and change them up every few months.
• Use a virtual private network (VPN) for all business activities, if your company has one; it encrypts all data that flows over the Internet between your device and your company.
• Deploy mobile security software on your devices; offered by major vendors like McAfee, Symantec and Kaspersky, this software can encrypt data on your devices and scan for bad stuff like viruses and malware.
• Use the highest security setting on your e-mail and social media accounts; Gmail, for example, gives you the option of only allowing you to log into your Gmail account over encrypted networks.
• Use the corporate security features built into many of the newer smartphones; i.e., the Balance feature on BlackBerry’s Z10 and Q10 phones can keep your work data separate from your personal content.
• Make sure any cloud-based service you use on your mobile devices offers data encryption and has servers located in Canada (data stored outside Canada isn’t protected by Canadian data security and privacy laws).
• Consider mobile device management (MDM) software; it allows companies to encrypt data on staff devices, control access to their corporate network, deny access to certain apps, track and lock down lost or stolen devices, and remotely wipe corporate data from them if necessary.
Download your copy of these "Data Security Tips".
other articles in this section