Cybersecurity should be a high priority for all businesses. With threats constantly evolving, maintaining a secure environment is challenging. But when users travel for business, cybersecurity concerns skyrocket. They must maintain secure remote access, or your sensitive data could be exposed. Worse still, you must rely largely on users to reduce the security risk. We’ll break down the top tips to share with users before they take off.
1. Follow company policies
Why put all that work into developing IT policies if users don’t follow them? Before business travel, it wouldn’t hurt to remind users of your guidelines. Not only can it help reinforce what they hopefully already know, but it gives them an opportunity to ask any travel-related policy questions. And it gives you an opportunity to lay down the law.
2. Install updates
Whether you ask users to install updates themselves (please, no), or your IT team takes care of that, someone should install updates before your user hits the road. Vulnerability patching is especially critical since cybercriminals may look to exploit known weaknesses. However, even general updates may be worth installing to enhance productivity and functionality while users are away from the office.
3. Back up data
Whoever maintains your backups should work their magic before the user departs. A recent backup lets you restore lost company data if a disaster happens (e.g., the employee’s laptop ends up at the bottom of the hotel pool)
4. Download travel-related apps ahead of time
Encourage users to plan ahead. Many like to download airline, hotel, restaurant, or conference apps. While these can be incredibly convenient, it’s best to download them before departure.
Why, you ask? That’s an excellent question. You’re very astute. Well, threat actors know that business travelers are easy victims. They can just post a QR code in a high-traffic area, claiming it will download a legitimate app. Instead, it could download a malicious app or malware. So ask users to download those apps ahead of time — from a trusted source.
5. Use strong passwords
In a perfect world, you’ve already laid the groundwork by writing and enforcing a strong password policy. But even if your guidelines are flawless, urge users to revisit their passwords before traveling. For the highest level of protection, it may be worth changing passwords before they depart and again upon their return. That way, any credentials that fall into the wrong hands won’t be usable for long. A password manager can make the process quick and easy.
6. Avoid sharing travel information with outside parties
Obviously, employees’ families should know about their upcoming travels. But other than that, urge them to limit who else knows to protect your business from phishing. If an employee posts on social media or other public channels, aspiring phishers could easily put together a highly targeted attack by pretending to represent a legitimate company directly related to the user’s travel plans. For instance, an email that appears to be from the airline offering a free upgrade to first class would be hard for anyone to ignore. Most of us would walk through fire for even a few extra inches of legroom, so clicking a suspicious link seems like nothing.
The fewer people that know a business traveler’s plans, the less likely it is that someone will be able to leverage their trip details against them. As a bonus, being super secretive can make your users seem delightfully mysterious.
7. Leave unnecessary devices behind
When it comes to bringing work devices on trips, less is more. Your users should bring as few devices along as possible. For instance, if they attend a conference where they’ll be in sessions all day, they might not even need their laptop. Paring it down to the bare essentials massively reduces the attack surface. And it gives your users more room in their luggage to bring you back a souvenir snow globe.
8. Keep any device you bring with you
The less time the device spends alone, the better. Ideally, your users should keep it with them at all times. Don’t leave it sitting out in the hotel room. Don’t use it to reserve a table at Starbucks while running to the bathroom. And don’t forget it in an Uber or on public transportation. If the device is constantly with the user, it’s much harder for bad actors to gain physical access.
If, for some reason, the user has no choice but to leave their laptop in their hotel room, it should be tucked out of sight. Make sure the door is locked, and hang the “Do Not Disturb” sign. For even greater security, convince users to bring a laptop cable lock.
9. Lock your device
Whenever a device isn’t in use, it should be locked and protected by a password, pin, fingerprint ID, or facial recognition. Even if the user plans to stop using the computer for just a few moments while they chat with a colleague, it’s better to lock the device. Sadly, threat actors need very little time to do serious damage.
10. Disable Bluetooth
We won’t deny that Bluetooth is convenient. But it also allows nearby devices to connect and communicate with your user’s device, and that can be trouble. Disabling Bluetooth reduces risks and extends the battery life.
11. Be aware of border crossings
Crossing international borders, even into the United States, could get dicey. U.S. Customs and Border Protection agents and international authorities may conduct advanced searches on phones and laptops. According to the ACLU, they might download data even if the user isn’t suspected of a crime. They can also hold onto any device for up to 5 days (or longer under undefined “extenuating circumstances”). So if a user needs to travel internationally, we suggest ensuring their work device contains little to no locally saved data. While officials could still request access to cloud-based resources, at least it’s an extra hoop for them to jump through.
12. Consider the security of the Wi-Fi network
If you use an unsecured public Wi-Fi network, it’s easy for threat actors to collect personal information. (Which is why you should use a VPN. More on that later.) But malicious Wi-Fi networks (also known as hotspot honeypots) take things a step further, impersonating legitimate networks to steal sensitive information, like credentials and bank account details.
Users should avoid unsecured public Wi-Fi whenever possible. However, if they simply can’t resist that sweet, sweet free internet, they need to assess the security and legitimacy of the network. They can check for signage indicating a business’s official Wi-Fi network or confirm the network name with an employee. And even then, they should also avoid sending sensitive information over the network. That means no banking. No accessing confidential company resources. And no filing your taxes. (Sorry to be a buzzkill.)
13. Use VPN
Regardless of how official the network is, users should connect to VPN whenever they use an unsecured public network. VPN acts as an encrypted tunnel, making information much harder to steal in transit.
Think of it this way: Using public Wi-Fi is like riding a low-cost bus to your destination, while VPN is like upgrading to a private jet. Like that bus, anyone can hop on and off public Wi-Fi. That means you could be exposed to almost anything without even knowing who is all up in your business. In contrast, a private jet or VPN connection keeps out the riffraff so you can sip your champagne in the lap of luxury. Could someone get in? Theoretically. But it’s not likely.
14. Run antivirus software
Hopefully, you’ve already installed antivirus software on your users’ devices. Better still, you’ve worked the user out of the equation entirely, scanning the devices yourself on a regular basis. If so, let users know they should expect a few extra scans while the user is away on business. If you’ve put the ball in your user’s court (don’t), they should regularly run scans.
15. Don’t use credentials on public computers
Every so often, a user may run into a public computer. If they haven’t brought their device along for the trip, that computer can seem like a great opportunity to check in at work. But it definitely, definitely is not. A public computer could have spyware or a key logger installed. That means if the business traveler logs in to work accounts, they’re basically handing over their credentials on a silver platter.
Remind users that under no circumstances should they use public computers for work. If they need to feed their Neopets, sure, let them. But even then, they should anticipate that Neopian ne’er-do-wells might loot their NP balance.
16. Steer clear of public charging station
Public charging stations are convenient for travelers and even more convenient for hackers. That’s right: Juicing up a device can put you at risk. Bad actors can modify USB ports to infect devices with monitoring software or malware. Hello, data breach! Instead, users should rely on a standard electrical outlet or carry their own power bank.
17. Report potential incidents to IT
If users see (or do) something dubious, they should report it to IT immediately. Everyone messes up. They might forget one of these rules or even lose the device altogether. Regardless of what hullabaloo befalls them, business travelers should know to reach out to you ASAP. If there’s one thing worse than a compromised device, it’s a compromised device you don’t know about.
We know. It’s hard to send users out into the world and trust them to do the right thing. Reinforcing these tips can set them down the right path and reduce the risk of a major security breach.
But luckily, you don’t have to rely on users alone to keep remote devices secure. PDQ Connect allows you to manage devices over the cloud. Once the agent is installed, you can monitor and update machines whenever the user connects to the internet — regardless of whether they’re in the office or across the world. Deploy Java for a user in Jakarta. Update Microsoft Edge while your employee gazes off the Big Sur Cliffs. Take advantage of a free Connect trial to see how easy it can be.
