Please enter your email below to subscribe
When visiting foreign countries that are known for their computer espionage, whether for business or personal reasons, travelers must use common sense in regards to their cyber security behavior. As a recent article in InfoWorld points out, U.S. government and independent security firms have published security warnings and studies detailing the threats to data security while traveling in “high-risk countries with significant cyber capabilities, those known to conduct cyber espionage, and those known for corporate espionage and stealing business secrets and intellectual property.” Travelers need to recognize that in some countries, NO digital device is safe, and a traveler can never assume he or she is not sufficiently important to be a target.
There are many methods that foreign agents use to steal data from unsuspecting travelers. A corporate or personal laptop left unattended in a locked hotel room could be opened and examined by a hotel employee, who is possibly working with the government or foreign business groups, while the guest is out to dinner. The entire contents of the hard drive could be copied, including proprietary business information and confidential emails. Worse, before the laptop is put back in its place, a virus could be installed that continues to spy on all of the owner’s communications and send information back to foreign computer servers once the owner returns home. Even simply using the hotel’s network to connect to the internet can be dangerous if a malicious person is monitoring and storing those communications or attempts to install a virus over the network.
There are steps that travelers can take to protect their data and communications while overseas. The number one way to prevent the stealing of data is to not bring it overseas in the first place. Travelers should use a laptop that is wiped clean when traveling abroad, so that when they return home the laptop can simply be wiped clean again to prevent the spreading of any viruses. Travelers should never leave their computers alone when they are abroad if they contain sensitive information; they should bring the devices with them even when they are simply going to dinner. The same common sense rules apply to mobile phones or tablets: when possible, only “clean” devices should be used, and they should be wiped clean again when the owner returns home. Mobile devices are especially vulnerable to over-the-air attacks in countries where the government controls the communications infrastructure and is able to silently install “updates” to phone operating systems without the owner’s knowledge or consent.
Using encryption on your laptop or mobile device is important if you absolutely must bring sensitive data along with you into at-risk countries. Most modern laptops and phones come preconfigured with standard encryption capabilities, but Department of Defense grade encryption options are also available for even more security. Turning off Bluetooth and WiFi access to your device while traveling will also limit the avenues through which hackers can attempt to access your device. This includes turning off “location services” on your device, which can track and broadcast your location in ways that you are sometimes not aware of. Finally, make sure that your antivirus software and internet firewalls are completely up-to-date and configured properly.
The bottom line when traveling abroad is that your data and communications can never be completely secure, and you can never be certain that you are not a target. Use common sense and protect yourself as much as possible when traveling in countries that are known to have significant cyber espionage operations.
Bart M. Schwartz is the chairman of Guidepost Solutions LLC, a global leader in investigations, due diligence, security and technology consulting, immigration and cross-border consulting, and monitoring and compliance solutions.