We are coming to the end of the May half-term holiday period for those with children and thoughts may be turning to summer holidays and travel, whether this is in the UK or overseas.
Our own Personal Data
This means that our own personal data can be seen by others without us realising, or posts on social media could lead to announcing we are not at home (think about that one ).
Working away
For some, there is a need to do some work whilst away, even if it’s just emails. But, there are a few questions this raises. Some that I have thought of are that are relevant for us or any employees:
- What does this mean for data security?
- Are we opening ourselves and our businesses up for cyber attacks?
- Could there be unauthorised access when others view our screens?
- How can we secure the mobile device?
- Is public Wi-Fi used or can we ensure that we or employees can’t do this
- Could the mobile device be lost or stolen during travel or whilst away? How can this be reported?
- Is the mobile device covered by insurance as we all know that some smartphones can now cost more than a laptop?
I have some tips that you may find useful. You will no doubt work out that some are more relevant to personal situations and some more so for work.
1. Perform any software updates before you set off on your travels. These often need fast internet connections or a network connection if a work device so better to do this before you leave.
2. Back up your data to secure cloud storage. This means that you don’t need to download to the device as you should be able to access via an internet connection (one that you have checked!). Some countries also check or scan devices so making sure there is no data on it will help with security of that data.
3. Make sure device security is on and its encrypted. If you use a PIN, make it a longer PIN.
4. Device software. It’s a good idea to remove unlicensed software as some countries may have rules on this. Also think about what videos or photographs you may have stored on the device.
5. Some airports undertake security checks on laptops or tablets so you need to put these in a separate tray through the security process. Put it in the last tray you are using and try to keep your eye on the tray as they are often fed through quicker that you may personally get through the metal detector scans etc.
6. If employees are travelling, do they use branded laptops, laptop bags or similar. This can raise awareness that this is a business device which may be attractive to opportunistic theft. Also, remind employees not to wear lanyards or IDS badges when travelling. This is for their personal safety more than anything.
7. Think about Wi-Fi or Bluetooth connections. Perhaps switch these off whilst in large public areas such as train stations or airports. If you need to keep these switched on, ensure you use all security settings to avoid others connecting without your knowledge or gathering the IP address of your mobile device.
8. VPNs – can you provide a VPN for employees travelling and how can you set it to ensure that they use it anytime they are away from your network.
9. Do you allow the use of public Wi-Fi connections? What guidance do you provide to employees about using the free Wi-Fi on the train, in the station, airport or a café? How can they check they are connecting to the right one and not a spoof connection? Are any trusted? Awareness of the issues is a great starting point.
10. Privacy filters are a must nowadays, especially when using laptops or tablets. How many times have you been on a train and been able to read someone’s screen or even overheard conversations? Privacy Screens are failsafe but they help.
11. If you are staying in a hotel or conference hotel, be cautious of using a hotel provided device or their business/printing services. Ask questions about security, do they keep any records of access or logins?
12. Do you have copies of important documents including travel documents? Relying on your smartphone for your tickets or finding a phone number for your bank may be difficult (signal, not enough data, overseas charges). It may be old-school but having a paper copy get secure with you will help. I always have a photo of my passport stored in my secure cloud storage as it helps if you need to get an emergency passport at any time. Similarly perhaps have a photo of your diving licence stored securely.
13. Luggage tags should perhaps just have your last name and a postcode if you need an address, or a mobile number for contact in your luggage is left behind or lost.
14. When you have a barcoded luggage label put onto your hold luggage at the airport - those sticky long labels that the staff put around your luggage handle - make sure you dispose of this safely and securely. Same goes for your boarding pass. It contains a lot or personal data behind the barcodes and codes used. These can lead to something called Social Engineering which can lead to more serious cyber-attacks, fraud or even physical theft from your home or office.
15. Using reputable companies for hotels, car hire, parking etc is a must. It won’t prevent the rogue employee doing something – who can really – but it’s a step in the right direction. That said, in Spain you are required to hand over quite a bit of personal data now when holidaying or travelling there – at the hotels or when hiring cars. Be prepared for this. This is a government requirement in Spain so it isn’t the company or reps fault. No point in getting annoyed with them.
16. Do you use the Out of Office facility and if so what do you tell people? Would it be sufficient to say, “I can’t reply straight away, but I’ll pick up your email as soon as I can”? If you have employees, what advice or guidance do you give them on the wording in our of office messages – or even on signatures (do they detail planned absences with dates)?
17. What are you or employees posting on social media? Does this tell people about holidays – think back to the social engineering comment in tip 13 above. Even a picture of some lovely meal out can indicate you are not in the UK – a sunset meal next to a lovely beach with palm trees and ‘grass’ umbrellas might be a giveaway that you’re not in Blackpool or your local Greek restaurant (generally speaking of course – this may be on your doorstep in which case - enjoy).
You may have some more tips that you can share, these are just a few that I have thought of or come across.
Finally
I hope that these have given you something to think about as you are planning the next holiday or travelling for work. Have fun planning your next trip but include the steps to ensure personal data, company data and your devices are safe and secure.
You may wish to put together some guidance for employees that set out your expectations.
If you need help, please do get in touch - https://www.dtinformationgovernance.co.uk