Technology and Travel Safety
Executive travel is becoming more common every year, but many organizations have not updated their practices or guidance in the face of the dynamic society that we live in today. RANE spoke with Stuart Anderson, co-founder and CEO of the travel security solutions provider eTravel Safety, and James Barton, CTO of eTravel Safety, to discuss how firms can effectively employ technology in their travel safety practices.
Anderson says there should be a much larger and more sophisticated focus on technology than in the past. For organizations that outsource parts of their travel security program, understanding what data the vendor will hold and how they will protect it is essential.
- Anderson says that ascertaining who at the vendor will have access to what data is vital, as the firm will likely be providing information such as travel movements, locations, and other personal information that would constitute a serious security risk in the event of a data breach.
Anderson also suggests that organizations select a travel security vendor that is well-tuned to work with employees to ensure that travel security communication is timely, efficient, and effective.
- It is virtually impossible to get busy executives to sit through a 30-minute lecture on travel security. Anderson suggests that 60-90 second pre-recorded travel safety presentations that can be viewed on the go on a mobile device can be a more effective and digestible form of briefing. This permits the consumer to access the safety lesson/advisory easily and allows the travel security providers to ensure the message is up to date.
Barton notes that some common recommendations around protecting the organization’s technology during travel also need to be updated. Recommendations around “burner phones” and travel laptops may no longer be the best alternative.
- Matt Boccia, RANE’s subject-matter expert on travel safety, cautions that while burner phones offer non-attributable communications, they are not inherently secure.
- There are significant drawbacks in terms of functionality, as burner phones are often cheaply made, allowing bad actors to easily open, track, and record them. Additionally, burner phones’ signals are often not as strong as other phones, meaning the device could be out of coverage for long periods of time.
- Barton notes that, due to their limited functionality, many traveling employees will take their normal mobile device, along with a burner phone, while traveling, which can lead to mistakes and risky behaviors, including conducting business on their normal device. Boccia warns businesspeople that even if they do not conduct calls on their personal or work phones while abroad, their data and personal information is still on the devices and can be accessed by bad actors.
- Barton says that most companies do not use high-end laptops as travel devices, which means travel laptops can be very slow and frustrating to use, particularly if storage on the laptop itself is disabled and the user must be on-line to access data. The need to be online may drive the traveler to use unsecure connections such as internet cafés, restaurants, coffee shops, etc., which could place them in danger both in terms of cybercrime as well as, potentially, personal danger in some regions.
- Boccia advises that, for companies that retain travel laptops for repeated use, the devices should be cleaned after every trip to ensure that no valuable data remains on the laptop before its next use.
Barton tells traveling employees to always use a VPN when away from their home network and ensure that their hard drive is encrypted in order to prevent data from being stolen or manipulated.
- Barton recommends placing a SIM lock on your phone so if the phone is stolen, the SIM cannot be used in another phone by bad actors who may attempt to access your data.
- Barton also recommends that employees change the default name of their devices away from their name, as people will often look for a person’s device on a network scan (e.g. John Smith’s iPhone) to try and connect to it. Bluetooth should always be turned off when not in use.
- Employees should ensure that all software on their devices is updated before departing and ensure that they do not attempt to update their software while abroad.